Archives for GCP Compliance
data Compliance Standards
SOC2 GDPR NIST 800-53 PCI DSS Cybersecurity Maturity Model Certification (CMMC) ISO/IEC 27017:2015 HITRUST CSF PIPEDA NIST CSF CCPA 2018 MITRE ATT&CK APRA (CPS 234) Information HIPAA
NIST vs CIS Standards for GCP
Also read PCI DSS compliance on GCP and Google GOV Cloud NIST 800-53 seems to have far more controls than the base CIS standards for GCP. Using a tool such…
Cloud Control Metrics – CCM Compliance
Here is a good mapping of the CIS controls to CCM
Dry Run Mode for VPC Service Controls
Setup dry run mode for VPC Service Controls Step 1 - Define your VPC Service Controls, and implement in dry run mode Step 2 - Monitor GCP logs to check…
Migrate existing Project into an existing GCP Org
Projects in Organizations versus Billing Accounts Moving a Billing account from one org to another is different from moving a project. You may even want to CHANGE the existing billing…
Premium Tier Security Command Center GCP
Security Health Analytics should be your first stop for auditing the security posture of your GCP environment. In addition to several built in detectors, there are a handful of detectectors…
NIST Compliance and GCP – Google Gov Cloud
Gov Cloud GCP Google's Assured Workloads for Government workloads NIST Standards The significant difference between NIST 800-53 and 800-171 is that the latter relates to non-federal networks. Simply put, if you run…
GCP KMS Basics
This content is password protected. To view it please enter your password below: Password:
GCP and FIPS, NIST Compliance
Everywhere that this article refers to FIPs, simply replace with NIST - and the same logic applies. GCP uses something called Boring SSL. Boring SSL was submitted to NIST and checked…