Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts
Setup multi-factor authentication for Google Cloud Platform accounts. Multi-factor authentication requires more than one mechanism to authenticate a user. This secures your logins from attackers exploiting stolen or weak credentials.
Risk Level: High
Cloud Entity: GCP IAM User
CloudGuard Rule ID: D9.GCP.IAM.03
Covered by Spectral: No
Category: Security, Identity, & Compliance
GSL LOGIC
GcpIamUser should have userData.isEnforcedIn2Sv=true
REMEDIATION
From Portal
- Go to Cloud Identity and Access Management (IAM) dashboard at https://console.cloud.google.com/iam-admin/iam.
- Choose the PERMISSIONS tab, then select View by PRINCIPALS
- Copy the email address of the user account that you want to examine
- Go to Google Account console at https://myaccount.google.com and sign in using the email address copied at the previous step to access the appropriate user account.
- In the navigation bar, select Security.
- On the Security page, in the Signing in to Google section, check 2-Step Verification configuration setting status. set the status to On.
- Repeat steps no. 3 - 6 for each user account that you want to examine, created for the selected GCP project.
Note: if the role fails because the IAMUser userData is null -
- It might be because you didn't connect your Google Workspace (G-Suite) account to CloudGuard.
This can be done through CloudGuard console -> Assets -> Environments -> <Your GCP Project> -> Add GSuite - The IAMUser is not part of your organization - which is not recommended, and probably should be removed from your GCP.
References
- Guide for users to enable MFA: https://support.google.com/accounts/answer/185839
- https://cloud.google.com/identity/solutions/enforce-mfa
- https://support.google.com/a/answer/9176657
GCP IAM User
An IAM user is an entity that you create in GCP to represent the person or service that uses it to interact with GCP.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CIS Controls V 8
- GCP CIS Foundations v. 1.0.0
- GCP CIS Foundations v. 1.1.0
- GCP CIS Foundations v. 1.2.0
- GCP CIS Foundations v. 1.3.0
- GCP CIS Foundations v. 2.0
- GCP CloudGuard Best Practices
- GCP Dashboard System Ruleset
- GCP HIPAA
- GCP MITRE ATT&CK Framework v12.1
- GCP NIST 800-53 Rev 5
- GCP PCI-DSS 4.0
Updated over 1 year ago