Best practice rules for GCP Cloud Pub/Sub Service
Trend Micro Cloud One™ – Conformity monitors GCP Cloud Pub/Sub Service with the following rules:
- Check for Publicly Accessible Pub/Sub Topics
Ensure there are no publicly accessible Pub/Sub topics available within your cloud account.
- Detect Google Cloud Pub/Sub Configuration Changes
Pub/Sub configuration changes have been detected within your Google Cloud Platform (GCP) account.
- Enable Dead Lettering for Google Pub/Sub Subscriptions
Ensure there is a dead-letter topic configured for each Pub/Sub subscription.
- Enable Pub/Sub Topic Encryption with Customer-Managed Encryption Key
Ensure that Pub/Sub topics are encrypted using Customer-Managed Encryption Keys (CMEKs).
- Pub/Sub Subscription Cross-Project Access
Ensure that Pub/Sub subscriptions are not configured to allow unknown cross-project access.
- Pub/Sub Topic Cross-Project Access
Ensure that Pub/Sub topics don't allow unknown cross-project access.