Policy: GCP > CIS v1 > Maximum Attestation Duration
The maximum duration for CIS Attestations. Attestation policies can not be set further in the future than is specified here
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Setting this policy configures these controls:
- GCP > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-service accounts (Not Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are only GCP-managed service account keys for each service account (Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.10 Ensure API keys are not created for a project (Not Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.11 Ensure API keys are restricted to use by only specified Hosts and Apps (Not Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.12 Ensure API keys are restricted to only APIs that application needs access (Not Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.13 Ensure API keys are rotated every 90 days (Scored)
- GCP > CIS v1 > 6 Cloud SQL Database Services > 6.03 Ensure that MySql database instance does not allow anyone to connect with administrative privileges. (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.18 Ensure Kubernetes Clusters created with limited service account Access scopes for Project access (Scored)
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/gcp-cisv1#/policy/types/attestation
- turbot graphql policy-type --id "tmod:@turbot/gcp-cisv1#/policy/types/attestation"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv1#/policy/types/attestation"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI