Policy: GCP > CIS v2.0 > 4 - Virtual Machines
This section contains recommendations to address virtual machines on Google Cloud Platform.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 4.01 - Ensure That Instances Are Not Configured To Use the Default Service Account
- 4.02 - Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs
- 4.03 - Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances
- 4.04 - Ensure Oslogin Is Enabled for a Project
- 4.05 - Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance
- 4.06 - Ensure That IP Forwarding Is Not Enabled on Instances
- 4.07 - Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
- 4.08 - Ensure Compute Instances Are Launched With Shielded VM Enabled
- 4.09 - Ensure That Compute Instances Do Not Have Public IP Addresses
- 4.10 - Ensure That App Engine Applications Enforce HTTPS Connections
- 4.11 - Ensure That Compute Instances Have Confidential Computing Enabled
- 4.12 - Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
- Maximum Attestation Duration
Controls
Policy Specification
| Schema Type | |
|---|---|
| Default | |
| Valid Values [YAML] | |
| Examples [YAML] | |
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/gcp-cisv2-0#/policy/types/s04
- CLI, Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/gcp-cisv2-0#/policy/types/s04"
- CLI, Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv2-0#/policy/types/s04"