Archives for GCP Compliance
Quick Recipe for hosting PCI sensitive data apps on Google Cloud
Hosting a PCI compliant app on GCP is straightforward. Create a separate project for all the PCI Data. The actual web tier should reside in a different project from the…
data Compliance Standards
SOC2, GDPR, NIST 800-53, PCI DSS, Cybersecurity Maturity Model Certification (CMMC), ISO/IEC 27017:2015, HITRUST CSF, PIPEDA, NIST CSF, CCPA 2018, MITRE ATT&CK, APRA (CPS 234) Information, HIPAA
NIST vs CIS Standards for GCP
Also read: PCI DSS compliance on GCP and Google GOV Cloud. NIST 800-53 seems to have far more controls than the base CIS standards for GCP. Using a tool such…
Cloud Control Metrics – CCM Compliance
Here is a good mapping of the CIS controls to CCM
Dry Run Mode for VPC Service Controls
Set up dry run mode for VPC Service Controls. Step 1 - Define your VPC Service Controls, and implement in dry run mode. Step 2 - Monitor GCP logs to check…
Migrate existing Project into an existing GCP Org
Projects in Organizations versus Billing Accounts. Moving a Billing account from one org to another is different from moving a project. You may even want to CHANGE the existing billing…
Premium Tier Security Command Center GCP
Security Health Analytics should be your first stop for auditing the security posture of your GCP environment. In addition to several built-in detectors, there are a handful of detectors…
Governance on any public cloud
Also see: GCP Gov Cloud - Assured Workloads. To implement proper governance, any cloud provider needs these 3 elements (tagging, RBAC, policies and optionally locking). Governance is around both cost…
NIST Compliance and GCP – Google Gov Cloud
Gov Cloud GCP. Google's Assured Workloads for Government workloads. NIST Standards. The significant difference between NIST 800-53 and 800-171 is that the latter relates to non-federal networks. Simply put, if you run…
GCP KMS Basics
This content is password protected.