Best practice rules for GCP VertexAI
Trend Micro Cloud One™ – Conformity monitors GCP VertexAI with the following rules:
- Default VPC Network In Use
Ensure that the default VPC network is not being used for your Vertex AI notebook instances.
- Disable Root Access for Notebook Instances
Ensure root access is disabled for your Vertex AI notebook instances.
- Enable Automatic Upgrades for Notebook Instances
Ensure that automatic upgrades are enabled for your Vertex AI notebook instances.
- Enable Cloud Monitoring for Notebook Instances
Ensure that the Cloud Monitoring feature is enabled for your Vertex AI notebook instances.
- Enable Idle Shutdown for Notebook Instances
Ensure that the Idle Shutdown feature is enabled for your Vertex AI notebook instances.
- Enable Integrity Monitoring for Notebook Instances
Ensure that the Integrity Monitoring feature is enabled for your Vertex AI notebook instances.
- Enable Secure Boot for Notebook Instances
Ensure that Secure Boot is enabled for your Vertex AI notebook instances.
- Enable Virtual Trusted Platform Module (vTPM) for Notebook Instances
Ensure that the vTPM feature is enabled for your Vertex AI notebook instances.
- Notebook Instance Encryption with Customer-Managed Encryption Keys
Ensure that Vertex AI notebook instances are encrypted using Customer-Managed Encryption Keys (CMEKs).
- Prevent Assigning External IPs to Notebook Instances
Ensure that external IP addresses are not assigned to Vertex AI notebook instances.
- Vertex AI Dataset Encryption with Customer-Managed Encryption Keys
Ensure that Vertex AI datasets are encrypted using Customer-Managed Encryption Keys (CMEKs) (Not Scored).