Best practice rules for GCP IAM
- Approved Identity Providers
Ensure that only approved identity providers (IdPs) are used for secure access to Google Cloud services.
- Data Decryption using All Keys Should Not Be Allowed
Ensure that data decryption using all KMS keys is not allowed within your Google Cloud account.
- Enable Multi-Factor Authentication for User Accounts
Ensure that the Multi-Factor Authentication (MFA) feature is enabled for all GCP user accounts.
- Organization Administration Role in Use
Ensure that the Organization Administrator role is not assigned to users within your organization.
- Roles with Administrative Permissions
Ensure that IAM members are not using roles with administrative permissions.