Policy Settings

The GCP CIS v2.0.0 - Section 4 - Virtual Machines policy pack has 12 policy settings:

Policy	Setting	Note
GCP > Compute Engine > Disk > Approved	Check: Approved	GCP CIS v2.0.0 - Control: 4.7
GCP > Compute Engine > Disk > Approved > Encryption at Rest	Customer supplied key	GCP CIS v2.0.0 - Control: 4.7
GCP > Compute Engine > Instance > Approved	Check: Approved	GCP CIS v2.0.0 - Control: 4.1, 4.2, 4.6 and 4.11
GCP > Compute Engine > Instance > Approved > Custom	Calculated	GCP CIS v2.0.0 - Control: 4.1, 4.2 and 4.11
GCP > Compute Engine > Instance > Approved > IP Forwarding	Approved if disabled	GCP CIS v2.0.0 - Control: 4.6
GCP > Compute Engine > Instance > Block Project Wide SSH Keys	Check: Enabled	GCP CIS v2.0.0 - Control: 4.3
GCP > Compute Engine > Instance > External IP Addresses	Check: None	GCP CIS v2.0.0 - Control: 4.9
GCP > Compute Engine > Instance > Serial Port Access	Check: Disabled	GCP CIS v2.0.0 - Control: 4.5
GCP > Compute Engine > Instance > Shielded Instance Configuration	Check: Enabled per `Shielded Instance Configuration > *`	GCP CIS v2.0.0 - Control: 4.8
GCP > Compute Engine > Instance > Shielded Instance Configuration > Integrity Monitoring	Enabled	GCP CIS v2.0.0 - Control: 4.8
GCP > Compute Engine > Instance > Shielded Instance Configuration > vTPM	Enabled	GCP CIS v2.0.0 - Control: 4.8
GCP > Compute Engine > Project > OS Login Enabled	Check: Enabled	GCP CIS v2.0.0 - Control: 4.4