Policy: GCP > CIS v3.0 > 7 - BigQuery > 7.04 - Ensure all data in BigQuery has been classified

Configures auditing against a CIS Benchmark item.

Level: 2

BigQuery tables can contain sensitive data that for security purposes should be discovered, monitored, classified, and protected. Google Cloud's Sensitive Data Protection tools can automatically provide data classification of all BigQuery data across an organization.

Targets

This policy targets the following resource types:

GCP > BigQuery > Dataset

Primary Policy

This policy is used with the following primary policy:

GCP > CIS v3.0 > 7 - BigQuery

Attestation

Controls

Setting this policy configures this control:

GCP > CIS v3.0 > 7 - BigQuery > 7.04 - Ensure all data in BigQuery has been classified

Policy Specification

Schema Type	`string`
Default	`Per GCP > CIS v3.0 > 7 - BigQuery`
Valid Values [YAML]	`Per GCP > CIS v3.0 > 7 - BigQuery` `Skip` `Check: Benchmark using attestation`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071408

Policy Type URI

tmod:@turbot/gcp-cisv3-0#/policy/types/r0704

GraphQL

query policyType(id: "tmod:@turbot/gcp-cisv3-0#/policy/types/r0704") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-cisv3-0#/policy/types/r0704'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-cisv3-0#/policy/types/r0704'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-cisv3-0#/policy/types/r0704"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv3-0#/policy/types/r0704"