Cloud Lock

Back to Governance

CIS Benchmarks

built-in

Center for Internet Security benchmarks for GCP infrastructure hardening

50% 3/6 checks passing

Access Control

Status	Check	Description	Evidence	Last Evaluated
✗	1.4 - Service account key management no_default_sa	Ensure service account keys are managed and default accounts are not used for workloads	Active default service accounts: 862909324833-compute@developer.gserviceaccount.com	2026-05-19 15:45

Encryption

Status	Check	Description	Evidence	Last Evaluated
✗	6.1 - Cloud SQL requires SSL sql_ssl_required	Ensure Cloud SQL database instances require all incoming connections to use SSL	Instances not requiring SSL: pioneer-prod-ow-db, pioneer-prod-cl-db, pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-production-ow-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db, pioneer-production-ow-db, pioneer-production-cl-db, pioneer-production-ow-db, pioneer-staging-cl-db, pioneer-staging-cl-db, pioneer-production-cl-db	2026-05-19 15:45

Logging

Status	Check	Description	Evidence	Last Evaluated
✓	2.1 - Cloud audit logging enabled audit_logging_enabled	Ensure Cloud Audit Logging is configured for all services and all users	Audit logging sink(s) found: audit-log-sink	2026-05-19 15:45
✓	2.2 - Log sinks configured logging_sink_exists	Ensure log sinks are configured for exporting copies of all log entries	5 logging sink(s) configured: audit-log-sink, all-logs-sink, error-log-sink, _Default, _Required	2026-05-19 15:45

Network

Status	Check	Description	Evidence	Last Evaluated
✓	3.6 - Restrict SSH access firewall_rules_exist	Ensure firewall rules do not allow unrestricted ingress to SSH (port 22)	84 firewall rule(s) configured.	2026-05-19 15:45
✗	6.5 - No public IP on Cloud SQL sql_no_public_ip	Ensure Cloud SQL database instances do not have public IP addresses	Instances with public IP: pioneer-prod-ow-db, pioneer-prod-cl-db	2026-05-19 15:45