Policy Packs
GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services

Policy Settings

The GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services policy pack has 12 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| GCP > SQL > Instance > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 6.2.9 |
| GCP > SQL > Instance > Approved > Custom | Calculated | GCP CIS v2.0.0 - Control: 6.2.9 |
| GCP > SQL > Instance > Authorized Network > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 6.5 |
| GCP > SQL > Instance > Authorized Network > Approved > CIDR Ranges | `- "10.2.1.2/24" - "172.141.23.22/26"` | GCP CIS v2.0.0 - Control: 6.5 |
| GCP > SQL > Instance > Data Protection > Managed Backups | Skip | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Data Protection > Managed Backups > Minimum Schedule | Enforce: Daily for 30 days | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Data Protection > Managed Backups > Schedule | Enforce: Daily for 30 days | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Database Flags | Check: Database flags are correct | GCP CIS v2.0.0 - Control: 6.1.2, 6.1.3, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7 |
| GCP > SQL > Instance > Database Flags > MySQL > Template | `{ "skip_show_database": "on", "local_infile": "off" }` | GCP CIS v2.0.0 - Control: 6.1.2 and 6.1.3 |
| GCP > SQL > Instance > Database Flags > PostgreSQL > Template | `{ "log_error_verbosity": "default", "log_connections": "on", "log_disconnections": "on", "log_statement": "ddl", "log_min_messages": "log", "log_min_error_statement": "panic", "log_min_duration_statement": -1, "cloudsql.enable_pgaudit": "on" }` | GCP CIS v2.0.0 - Control: 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7 and 6.2.8 |
| GCP > SQL > Instance > Database Flags > SQL Server > Template | `{ "3625": "on", "external scripts enabled": "off", "cross db ownership chaining": "off", "user connections": 10, "user options": 2, "remote access": "off", "contained database authentication": "off" }` | GCP CIS v2.0.0 - Control: 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7 |
| GCP > SQL > Instance > Encryption In Transit | Check: Enabled | GCP CIS v2.0.0 - Control: 6.4 |