Cloud Security Rules

RULE	SERVICE GROUP
M IAM user does not have MFA (virtual or hardware) enabled	IAM
M IAM user has privileged roles at project level	IAM
M IAM user is not a member of at least one group	IAM
M IAM user login profile does not enforce resetting the generated password	IAM
M IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles.	IAM
M Infrastructure Encryption is not enabled	Storage
M IP forwarding enabled on the instance template	Compute
M IP forwarding is enabled	Compute Engine
M IP forwarding is enabled on the instance	Compute Engine
M Job bookmarks generated by Glue are not encrypted	Glue
M Key Vault accidental purge prevention is disabled	Key Vault
M Key Vault is not protected by firewall	Key Vault
M Key Vault logging is not enabled	Monitor
M Key Vault purge protection is disabled	Key Vault
M Key Vault soft deletion is not set to 90 days	Key Vault
M KMS key does not have key rotation enabled	KMS
M KMS keys are not automatically rotated	Cloud KMS
M Kubernetes API Server allows public access	Container
M Kubernetes Cluster is not VPC-Native.	Kubernetes (Container) Engine
M Lambda Functions are not deployed within a VPC	Lambda
M Lambda functions missing provisioned concurrency configuration	Lambda
M Lambda permission has wildcard principal	Lambda
M Legacy ABAC is enabled	Kubernetes (Container) Engine
M Linux virtual machine has password authentication enabled	Compute
M Linux VM scale set encryption at host is disabled	Compute
M Load balancer access logging is not enabled	ELB
M Load balancer is internet facing	ELB
M Logging is not enabled on storage bucket	Cloud Storage
M Logging metric filter and alert for audit configuration changes are not configured	Monitor
M Logging metric filter and alert for custom role changes are not configured	IAM

Previous Next

AWS

Azure

Google

Kubernetes