diff --git a/controls/1.01-iam.rb b/controls/1.01-iam.rb index a417ba3..1e80dc9 100644 --- a/controls/1.01-iam.rb +++ b/controls/1.01-iam.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-3"] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#use_corporate_login_credentials' diff --git a/controls/1.02-iam.rb b/controls/1.02-iam.rb index bd64439..fca69a0 100644 --- a/controls/1.02-iam.rb +++ b/controls/1.02-iam.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["IA-2"] + tag nist: ['IA-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/solutions/securing-gcp-account-u2f' diff --git a/controls/1.03-iam.rb b/controls/1.03-iam.rb index a22eecf..de1de0d 100644 --- a/controls/1.03-iam.rb +++ b/controls/1.03-iam.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['IA-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/security-key/' diff --git a/controls/1.04-iam.rb b/controls/1.04-iam.rb index 2e94204..3b24014 100644 --- a/controls/1.04-iam.rb +++ b/controls/1.04-iam.rb @@ -45,7 +45,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys' diff --git a/controls/1.05-iam.rb b/controls/1.05-iam.rb index d953e2e..3a23690 100644 --- a/controls/1.05-iam.rb +++ b/controls/1.05-iam.rb @@ -36,7 +36,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-6"] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/' diff --git a/controls/1.06-iam.rb b/controls/1.06-iam.rb index 49c769c..405aa74 100644 --- a/controls/1.06-iam.rb +++ b/controls/1.06-iam.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-6"] + tag nist: %w[AC-2 AC-3] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts' diff --git a/controls/1.07-iam.rb b/controls/1.07-iam.rb index 6643d71..6b298e0 100644 --- a/controls/1.07-iam.rb +++ b/controls/1.07-iam.rb @@ -40,7 +40,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-12"] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys' diff --git a/controls/1.08-iam.rb b/controls/1.08-iam.rb index 747189e..60c4c7c 100644 --- a/controls/1.08-iam.rb +++ b/controls/1.08-iam.rb @@ -39,7 +39,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-5"] + tag nist: %w[AC-2 AC-3] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/iam/docs/service-accounts' diff --git a/controls/1.09-iam.rb b/controls/1.09-iam.rb index 73f769f..c5d6a1a 100644 --- a/controls/1.09-iam.rb +++ b/controls/1.09-iam.rb @@ -34,7 +34,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-5"] + tag nist: ['AC-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation' diff --git a/controls/1.10-iam.rb b/controls/1.10-iam.rb index 9196553..795a1d1 100644 --- a/controls/1.10-iam.rb +++ b/controls/1.10-iam.rb @@ -41,7 +41,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-12"] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation' diff --git a/controls/1.11-iam.rb b/controls/1.11-iam.rb index a500b3f..d5ae196 100644 --- a/controls/1.11-iam.rb +++ b/controls/1.11-iam.rb @@ -38,7 +38,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-5"] + tag nist: %w[AC-2 AC-3 AC-6] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/kms/docs/separation-of-duties' diff --git a/controls/1.12-iam.rb b/controls/1.12-iam.rb index 71453ca..56be34d 100644 --- a/controls/1.12-iam.rb +++ b/controls/1.12-iam.rb @@ -40,7 +40,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys' diff --git a/controls/1.13-iam.rb b/controls/1.13-iam.rb index ba95fe3..2575b08 100644 --- a/controls/1.13-iam.rb +++ b/controls/1.13-iam.rb @@ -41,7 +41,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys' diff --git a/controls/1.14-iam.rb b/controls/1.14-iam.rb index e70ea5b..39096ce 100644 --- a/controls/1.14-iam.rb +++ b/controls/1.14-iam.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/docs/authentication/api-keys' diff --git a/controls/1.15-iam.rb b/controls/1.15-iam.rb index e5c2702..64ab4d7 100644 --- a/controls/1.15-iam.rb +++ b/controls/1.15-iam.rb @@ -41,7 +41,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s diff --git a/controls/2.01-logging.rb b/controls/2.01-logging.rb index 6dd2a9f..453f344 100644 --- a/controls/2.01-logging.rb +++ b/controls/2.01-logging.rb @@ -50,7 +50,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-2", "AU-2"] + tag nist: %w[AU-6 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/audit/' diff --git a/controls/2.02-logging.rb b/controls/2.02-logging.rb index d831a16..daa79ee 100644 --- a/controls/2.02-logging.rb +++ b/controls/2.02-logging.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-4 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/reference/tools/gcloud-logging' diff --git a/controls/2.03-logging.rb b/controls/2.03-logging.rb index 56258fe..fd2fa21 100644 --- a/controls/2.03-logging.rb +++ b/controls/2.03-logging.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AU-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/bucket-lock' diff --git a/controls/2.04-logging.rb b/controls/2.04-logging.rb index 8307c7d..07a1b74 100644 --- a/controls/2.04-logging.rb +++ b/controls/2.04-logging.rb @@ -51,7 +51,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AU-12'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.05-logging.rb b/controls/2.05-logging.rb index f69db4b..a05b512 100644 --- a/controls/2.05-logging.rb +++ b/controls/2.05-logging.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.06-logging.rb b/controls/2.06-logging.rb index c10a4b8..21786cf 100644 --- a/controls/2.06-logging.rb +++ b/controls/2.06-logging.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.07-logging.rb b/controls/2.07-logging.rb index 3a67443..d64764b 100644 --- a/controls/2.07-logging.rb +++ b/controls/2.07-logging.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.08-logging.rb b/controls/2.08-logging.rb index 6dae96f..2338b67 100644 --- a/controls/2.08-logging.rb +++ b/controls/2.08-logging.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.09-logging.rb b/controls/2.09-logging.rb index 22b194d..722ae1e 100644 --- a/controls/2.09-logging.rb +++ b/controls/2.09-logging.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.10-logging.rb b/controls/2.10-logging.rb index 696d4ae..bc185a8 100644 --- a/controls/2.10-logging.rb +++ b/controls/2.10-logging.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/2.11-logging.rb b/controls/2.11-logging.rb index 6aae3d6..9704bf6 100644 --- a/controls/2.11-logging.rb +++ b/controls/2.11-logging.rb @@ -38,7 +38,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AU-3 AU-12] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/logging/docs/logs-based-metrics/' diff --git a/controls/3.01-networking.rb b/controls/3.01-networking.rb index fdb0749..505bc82 100644 --- a/controls/3.01-networking.rb +++ b/controls/3.01-networking.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#firewall_rules' diff --git a/controls/3.02-networking.rb b/controls/3.02-networking.rb index a27e93b..ae6f9b1 100644 --- a/controls/3.02-networking.rb +++ b/controls/3.02-networking.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#creating_a_legacy_network' diff --git a/controls/3.03-networking.rb b/controls/3.03-networking.rb index 2edd7e0..e71940f 100644 --- a/controls/3.03-networking.rb +++ b/controls/3.03-networking.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html' diff --git a/controls/3.04-networking.rb b/controls/3.04-networking.rb index 044894f..f2379fb 100644 --- a/controls/3.04-networking.rb +++ b/controls/3.04-networking.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options' diff --git a/controls/3.05-networking.rb b/controls/3.05-networking.rb index 8fc089f..ddaf7ff 100644 --- a/controls/3.05-networking.rb +++ b/controls/3.05-networking.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-6'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options' diff --git a/controls/3.06-networking.rb b/controls/3.06-networking.rb index 25c361e..deace35 100644 --- a/controls/3.06-networking.rb +++ b/controls/3.06-networking.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-7"] + tag nist: %w[CM-7 CA-3 SC-7] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic' diff --git a/controls/3.07-networking.rb b/controls/3.07-networking.rb index 18cced2..f17abc3 100644 --- a/controls/3.07-networking.rb +++ b/controls/3.07-networking.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-7"] + tag nist: %w[CM-7 CA-3 SC-7] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/firewalls#blockedtraffic' diff --git a/controls/3.08-networking.rb b/controls/3.08-networking.rb index 0a94698..20ee14a 100644 --- a/controls/3.08-networking.rb +++ b/controls/3.08-networking.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SI-4"] + tag nist: %w[AU-12 SI-4] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging' diff --git a/controls/3.09-networking.rb b/controls/3.09-networking.rb index e9e3692..18de62d 100644 --- a/controls/3.09-networking.rb +++ b/controls/3.09-networking.rb @@ -34,7 +34,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['SC-1'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/load-balancing/docs/use-ssl-policies' diff --git a/controls/4.01-vms.rb b/controls/4.01-vms.rb index 9894e70..fda98d3 100644 --- a/controls/4.01-vms.rb +++ b/controls/4.01-vms.rb @@ -36,7 +36,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-6"] + tag nist: %w[AC-2 AC-6] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances' diff --git a/controls/4.02-vms.rb b/controls/4.02-vms.rb index c4528f8..d75ce5e 100644 --- a/controls/4.02-vms.rb +++ b/controls/4.02-vms.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[AC-2 AC-6] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances' diff --git a/controls/4.03-vms.rb b/controls/4.03-vms.rb index e7ee0e4..cab706c 100644 --- a/controls/4.03-vms.rb +++ b/controls/4.03-vms.rb @@ -36,7 +36,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys' diff --git a/controls/4.04-vms.rb b/controls/4.04-vms.rb index ec423ea..bf408f1 100644 --- a/controls/4.04-vms.rb +++ b/controls/4.04-vms.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-2'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/managing-instance-access' diff --git a/controls/4.05-vms.rb b/controls/4.05-vms.rb index 08a6e93..3653b72 100644 --- a/controls/4.05-vms.rb +++ b/controls/4.05-vms.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['CM-7'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/interacting-with-serial-console' diff --git a/controls/4.06-vms.rb b/controls/4.06-vms.rb index 3030300..06f0e8c 100644 --- a/controls/4.06-vms.rb +++ b/controls/4.06-vms.rb @@ -36,7 +36,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[CM-6 CM-8] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/networking#canipforward' diff --git a/controls/4.07-vms.rb b/controls/4.07-vms.rb index 268110d..627041a 100644 --- a/controls/4.07-vms.rb +++ b/controls/4.07-vms.rb @@ -42,7 +42,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['SC-1'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_your_own_keys' diff --git a/controls/4.08-vms.rb b/controls/4.08-vms.rb index f298e84..eefbfcd 100644 --- a/controls/4.08-vms.rb +++ b/controls/4.08-vms.rb @@ -54,7 +54,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['SC-1'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/compute/docs/instances/modifying-shielded-vm' diff --git a/controls/5.01-storage.rb b/controls/5.01-storage.rb index a5c2c9d..b8178a7 100644 --- a/controls/5.01-storage.rb +++ b/controls/5.01-storage.rb @@ -33,7 +33,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-2"] + tag nist: %w[AC-2 CA-3] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/access-control/iam-reference' diff --git a/controls/5.02-storage.rb b/controls/5.02-storage.rb index 400d83b..4e906ff 100644 --- a/controls/5.02-storage.rb +++ b/controls/5.02-storage.rb @@ -48,7 +48,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: ['AC-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/uniform-bucket-level-access' diff --git a/controls/6.01-db.rb b/controls/6.01-db.rb index f09821b..31c60f6 100644 --- a/controls/6.01-db.rb +++ b/controls/6.01-db.rb @@ -40,7 +40,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-7"] + tag nist: ['IA-5'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/create-manage-users' @@ -68,6 +68,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['SC-1'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/flags' diff --git a/controls/6.02-db.rb b/controls/6.02-db.rb index 2e9b3b5..81e84f3 100644 --- a/controls/6.02-db.rb +++ b/controls/6.02-db.rb @@ -37,7 +37,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["CA-3", "SC-7"] + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -88,6 +88,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -139,6 +140,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -191,6 +193,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -241,6 +244,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -290,6 +294,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' @@ -340,6 +345,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AU-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag' diff --git a/controls/6.03-db.rb b/controls/6.03-db.rb index e9a8fb1..1810169 100644 --- a/controls/6.03-db.rb +++ b/controls/6.03-db.rb @@ -37,7 +37,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-3"] + tag nist: ['AC-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/sqlserver/flags' @@ -88,6 +88,7 @@ tag cis_gcp: sub_control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s + tag nist: ['AC-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/sqlserver/flags' diff --git a/controls/6.04-db.rb b/controls/6.04-db.rb index f960da6..89c8a68 100644 --- a/controls/6.04-db.rb +++ b/controls/6.04-db.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["SC-7"] + tag nist: %w[SC-1 SC-8] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/postgres/configure-ssl-instance' diff --git a/controls/6.05-db.rb b/controls/6.05-db.rb index b7eb4b8..208548c 100644 --- a/controls/6.05-db.rb +++ b/controls/6.05-db.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: [] + tag nist: %w[SC-1 AC-3] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/configure-ip' diff --git a/controls/6.06-db.rb b/controls/6.06-db.rb index db23a42..4f1810b 100644 --- a/controls/6.06-db.rb +++ b/controls/6.06-db.rb @@ -35,7 +35,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["CA-3", "SC-7"] + tag nist: ['SC-1'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/configure-private-ip' diff --git a/controls/6.07-db.rb b/controls/6.07-db.rb index f6146b2..b7d9951 100644 --- a/controls/6.07-db.rb +++ b/controls/6.07-db.rb @@ -37,7 +37,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["CP-9"] + tag nist: ['CP-9'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/sql/docs/mysql/backup-recovery/backups' diff --git a/controls/7.01-bq.rb b/controls/7.01-bq.rb index 342edba..2d36b7b 100644 --- a/controls/7.01-bq.rb +++ b/controls/7.01-bq.rb @@ -34,7 +34,7 @@ tag cis_gcp: control_id.to_s tag cis_version: cis_version.to_s tag project: gcp_project_id.to_s - tag nist: ["AC-2"] + tag nist: ['AC-3'] ref 'CIS Benchmark', url: cis_url.to_s ref 'GCP Docs', url: 'https://cloud.google.com/storage/docs/access-control/iam-reference' diff --git a/inspec.yml b/inspec.yml index 986555b..8c5cd57 100644 --- a/inspec.yml +++ b/inspec.yml @@ -19,7 +19,7 @@ copyright: "(c) 2020, Google, Inc." copyright_email: "copyright@google.com" license: "Apache-2.0" summary: "Inspec Google Cloud Platform Center for Internet Security Benchmark v1.1 Profile" -version: 1.1.0-27 +version: 1.1.0-28 supports: - platform: gcp