CIS Benchmarks
built-in
Center for Internet Security benchmarks for GCP infrastructure hardening
Access Control
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✗ | 1.4 - Service account key management `no_default_sa` | Ensure service account keys are managed and default accounts are not used for workloads | Active default service accounts: 862909324833-compute@developer.gserviceaccount.com | 2026-05-19 15:30 |
Encryption
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✗ | 6.1 - Cloud SQL requires SSL `sql_ssl_required` | Ensure Cloud SQL database instances require all incoming connections to use SSL | Instances not requiring SSL: pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-production-ow-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db | 2026-05-19 15:30 |
Logging
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ | 2.1 - Cloud audit logging enabled `audit_logging_enabled` | Ensure Cloud Audit Logging is configured for all services and all users | Audit logging sink(s) found: audit-log-sink | 2026-05-19 15:30 |
| ✓ | 2.2 - Log sinks configured `logging_sink_exists` | Ensure log sinks are configured for exporting copies of all log entries | 5 logging sink(s) configured: audit-log-sink, all-logs-sink, error-log-sink, _Default, _Required | 2026-05-19 15:30 |
Network
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ | 3.6 - Restrict SSH access `firewall_rules_exist` | Ensure firewall rules do not allow unrestricted ingress to SSH (port 22) | 62 firewall rule(s) configured. | 2026-05-19 15:30 |
| ✓ | 6.5 - No public IP on Cloud SQL `sql_no_public_ip` | Ensure Cloud SQL database instances do not have public IP addresses | No Cloud SQL instances have public IPs. | 2026-05-19 15:30 |