Policy Settings
The GCP CIS v2.0.0 - Section 3 - Networking policy pack has 12 policy settings:
| Policy | Setting | Note |
|---|---|---|
| GCP > DNS > Managed Zone > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 3.4 and 3.5 |
| GCP > DNS > Managed Zone > Approved > Custom | Calculated | GCP CIS v2.0.0 - Control: 3.4 and 3.5 |
| GCP > DNS > Managed Zone > DNSSEC Configuration | Check: Enabled | GCP CIS v2.0.0 - Control: 3.3 |
| GCP > Network > Firewall > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 3.10 |
| GCP > Network > Firewall > Approved > Custom | Calculated | GCP CIS v2.0.0 - Control: 3.10 |
| GCP > Network > Firewall > Ingress Rules > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 3.6 and 3.7 |
| GCP > Network > Firewall > Ingress Rules > Approved > Rules | REJECT $.turbot.cidr:0.0.0.0/0 $.turbot.ports=22,3389 APPROVE * | GCP CIS v2.0.0 - Control: 3.6 and 3.7 |
| GCP > Network > Network > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 3.1 and 3.2 |
| GCP > Network > Network > Approved > Custom | Calculated | GCP CIS v2.0.0 - Control: 3.1 and 3.2 |
| GCP > Network > SSL Policy > Minimum TLS Version | Check: TLS 1.2 | GCP CIS v2.0.0 - Control: 3.9 |
| GCP > Network > SSL Policy > Profile | Check: Restricted | GCP CIS v2.0.0 - Control: 3.9 |
| GCP > Network > Subnetwork > Flow Log | Check: Enabled | GCP CIS v2.0.0 - Control: 3.8 |