Control: GCP > CIS v2.0 > 4 - Virtual Machines

Primary Policies

The following policies can be used to configure this control:

• 4 - Virtual Machines > 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
• 4 - Virtual Machines > 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
• 4 - Virtual Machines > 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
• 4 - Virtual Machines > 4.04 - Ensure Oslogin Is Enabled for a Project
• 4 - Virtual Machines > 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
• 4 - Virtual Machines > 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
• 4 - Virtual Machines > 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
• 4 - Virtual Machines > 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
• 4 - Virtual Machines > 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
• 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
• 4 - Virtual Machines > 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections > Attestation
• 4 - Virtual Machines > 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
• 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
• 4 - Virtual Machines > 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects > Attestation
• 4 - Virtual Machines
• 4 - Virtual Machines > Maximum Attestation Duration

Category

• CIS

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/gcp-cisv2-0#/control/types/s04

Category URI

tmod:@turbot/cis#/control/categories/cis

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv2-0#/control/types/s04") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv2-0#/control/types/s04'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv2-0#/control/types/s04"