Ensure that "Disable VM serial port access" constraint policy is enabled for your Google Cloud Platform (GCP) organizations. Due to security and compliance regulations, the serial port access to your Compute Engine virtual machine (VM) instances must be disabled.
When serial port access is enabled for a VM instance, clients can attempt to connect to that instance from any IP address and this allows anybody to access the instance if they know the user name, the SSH key, the project ID, and the instance name and zone. To prevent all virtual machine instances deployed within your GCP organization from having serial port access support, enforce "Disable VM Serial Port Access" organization policy. This constraint disables serial port access to Compute Engine VM instances belonging to the organization (including projects and folders) where the constraint is set to True, regardless of the metadata attributes configured for the instances.
To determine if "Disable VM serial port access" policy is enforced at the GCP organization level, perform the following actions:
Remediation / Resolution
To ensure that the serial port access to the virtual machine instances running within your Google Cloud project, folder, or organization is disabled at the GCP organization level, enable the “Disable VM serial port access” organization policy by performing the following actions:
- Google Cloud Platform (GCP) Documentation
- Authorizing with authorized networks
- Connection organization policies
- Organization policy constraints
- Organization policies
- GCP Command Line Interface (CLI) Documentation
- gcloud alpha resource-manager org-policies describe
- gcloud alpha resource-manager org-policies enable-enforce
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Disable Serial Port Access Support at Organization Level
Risk level: Medium