CIS GCP 1.2.0 to 1.3.0
The following sections list the differences between the CIS GCP 1.2.0 and CIS GCP 1.3.0 benchmark policies.
CIS GCP 1.2.0 to 1.3.0 Mapping
The table below lists the mapping of policies between CIS GCP 1.2.0 and 1.3.0, including assessment type and severity differences:
tip
Click anywhere on the table and use the arrow keys on your keyboard to scroll left or right.
| CIS 1.2.0 Policy ID | CIS 1.2.0 Assessment Type | Lacework 1.2.0 Assessment Type | 1.2.0 Severity | CIS 1.3.0 Policy ID | CIS 1.3.0 Control ID | CIS 1.3.0 Assessment Type | Lacework 1.3.0 Assessment Type | 1.3.0 Severity |
|---|---|---|---|---|---|---|---|---|
| GCP_CIS12_1_1 | Automated | Manual | Medium | lacework-global-232 | 1.1 | Manual | Manual | High |
| GCP_CIS12_1_2 | Manual | Manual | Medium | lacework-global-233 | 1.2 | Manual | Manual | High |
| GCP_CIS12_1_3 | Manual | Manual | Medium | lacework-global-293 | 1.3 | Manual | Manual | Medium |
| GCP_CIS12_1_4 | Automated | Automated | Medium | lacework-global-234 | 1.4 | Automated | Automated | Medium |
| GCP_CIS12_1_5 | Automated | Automated | Medium | lacework-global-235 | 1.5 | Automated | Automated | Medium |
| GCP_CIS12_1_6 | Automated | Automated | Medium | lacework-global-236 | 1.6 | Automated | Manual | Medium |
| GCP_CIS12_1_7 | Automated | Automated | Medium | lacework-global-237 | 1.7 | Automated | Automated | Medium |
| GCP_CIS12_1_8 | Manual | Automated | Medium | lacework-global-294 | 1.8 | Automated | Manual | High |
| GCP_CIS12_1_9 | Automated | Automated | Critical | lacework-global-238 | 1.9 | Automated | Automated | Critical |
| GCP_CIS12_1_10 | Automated | Automated | Medium | lacework-global-239 | 1.1 | Automated | Automated | Medium |
| GCP_CIS12_1_11 | Automated | Automated | Medium | lacework-global-295 | 1.11 | Automated | Manual | High |
| GCP_CIS12_1_12 | Manual | Manual | Medium | lacework-global-296 | 1.12 | Manual | Automated | Medium |
| GCP_CIS12_1_13 | Manual | Manual | Low | lacework-global-240 | 1.13 | Manual | Automated | Medium |
| GCP_CIS12_1_14 | Manual | Manual | Low | lacework-global-241 | 1.14 | Manual | Automated | Medium |
| GCP_CIS12_1_15 | Manual | Manual | Medium | lacework-global-242 | 1.15 | Manual | Automated | Medium |
| GCP_CIS12_2_1 | Automated | Automated | Medium | lacework-global-245, lacework-global-487, lacework-global-488 | 2.1 | Automated | Automated | Low |
| GCP_CIS12_2_2 | Automated | Automated | Medium | lacework-global-246, lacework-global-489 | 2.2 | Automated | Automated | Low |
| GCP_CIS12_2_3 | Automated | Manual | Medium | lacework-global-298 | 2.3 | Automated | Automated | Low |
| GCP_CIS12_2_4 | Automated | Automated | Medium | lacework-global-247 | 2.4 | Automated | Automated | Low |
| GCP_CIS12_2_5 | Automated | Automated | Low | lacework-global-248 | 2.5 | Automated | Automated | Low |
| GCP_CIS12_2_6 | Automated | Automated | Low | lacework-global-249 | 2.6 | Automated | Automated | Low |
| GCP_CIS12_2_7 | Automated | Automated | Low | lacework-global-250 | 2.7 | Automated | Automated | Low |
| GCP_CIS12_2_8 | Automated | Automated | Low | lacework-global-251 | 2.8 | Automated | Automated | Low |
| GCP_CIS12_2_9 | Automated | Automated | Low | lacework-global-252 | 2.9 | Automated | Automated | Low |
| GCP_CIS12_2_10 | Automated | Automated | Low | lacework-global-253 | 2.1 | Automated | Automated | Low |
| GCP_CIS12_2_11 | Automated | Automated | Low | lacework-global-254 | 2.11 | Automated | Automated | Low |
| GCP_CIS12_2_12 | Automated | Automated | Low | lacework-global-255 | 2.12 | Automated | Automated | Medium |
| GCP_CIS12_3_1 | Automated | Automated | Low | lacework-global-300 | 3.1 | Automated | Automated | Medium |
| GCP_CIS12_3_2 | Automated | Automated | Info | lacework-global-258 | 3.2 | Automated | Automated | Medium |
| GCP_CIS12_3_3 | Automated | Automated | Medium | lacework-global-259 | 3.3 | Automated | Automated | Medium |
| GCP_CIS12_3_4 | Manual | Automated | Low | lacework-global-260 | 3.4 | Manual | Automated | Low |
| GCP_CIS12_3_5 | Manual | Automated | Low | lacework-global-261 | 3.5 | Manual | Automated | Low |
| GCP_CIS12_3_6 | Automated | Automated | High | lacework-global-301 | 3.6 | Automated | Automated | Medium |
| GCP_CIS12_3_7 | Automated | Automated | High | lacework-global-302 | 3.7 | Automated | Automated | Critical |
| GCP_CIS12_3_8 | Automated | Automated | Low | lacework-global-262 | 3.8 | Automated | Automated | Low |
| GCP_CIS12_3_9 | Manual | Automated | Medium | lacework-global-263, lacework-global-490 | 3.9 | Manual | Automated | Medium |
| GCP_CIS12_3_10 | Manual | Manual | Medium | lacework-global-303 | 3.1 | Manual | Manual | Medium |
| GCP_CIS12_4_1 | Automated | Automated | Medium | lacework-global-264 | 4.1 | Automated | Automated | Medium |
| GCP_CIS12_4_2 | Automated | Automated | Medium | lacework-global-265 | 4.2 | Automated | Automated | Medium |
| GCP_CIS12_4_3 | Automated | Automated | Medium | lacework-global-266 | 4.3 | Automated | Automated | Medium |
| GCP_CIS12_4_4 | Automated | Automated | Low | lacework-global-267, lacework-global-498 | 4.4 | Automated | Automated | Medium |
| GCP_CIS12_4_5 | Automated | Automated | Medium | lacework-global-268 | 4.5 | Automated | Automated | Medium |
| GCP_CIS12_4_6 | Automated | Automated | Low | lacework-global-269 | 4.6 | Automated | Automated | Medium |
| GCP_CIS12_4_7 | Automated | Automated | Medium | lacework-global-304 | 4.7 | Automated | Automated | Critical |
| GCP_CIS12_4_8 | Automated | Automated | High | lacework-global-305 | 4.8 | Automated | Automated | Medium |
| GCP_CIS12_4_9 | Automated | Automated | Low | lacework-global-306 | 4.9 | Automated | Automated | High |
| GCP_CIS12_4_10 | Manual | Manual | Medium | lacework-global-307 | 4.1 | Manual | Manual | Medium |
| GCP_CIS12_4_11 | Automated | Automated | Medium | lacework-global-308 | 4.11 | Automated | Automated | Medium |
| GCP_CIS12_5_1 | Automated | Automated | High | lacework-global-270 | 5.1 | Automated | Automated | Critical |
| GCP_CIS12_5_2 | Automated | Automated | Low | lacework-global-310 | 5.2 | Automated | Automated | Medium |
| GCP_CIS12_6_1_1 | Automated | Manual | Medium | lacework-global-274 | 6.1.1 | Manual | Manual | High |
| GCP_CIS12_6_1_2 | Automated | Automated | Info | lacework-global-275 | 6.1.2 | Automated | Automated | Medium |
| GCP_CIS12_6_1_3 | Automated | Automated | Info | lacework-global-276 | 6.1.3 | Automated | Automated | Medium |
| GCP_CIS12_6_2_1 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_2 | Manual | Manual | Info | lacework-global-312 | 6.2.1 | Manual | Automated | Medium |
| GCP_CIS12_6_2_3 | Automated | Automated | Info | lacework-global-277 | 6.2.2 | Automated | Automated | Medium |
| GCP_CIS12_6_2_4 | Automated | Automated | Info | lacework-global-278 | 6.2.3 | Automated | Automated | Medium |
| GCP_CIS12_6_2_5 | Manual | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_6 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_7 | Manual | Manual | Info | lacework-global-279 | 6.2.4 | Manual | Automated | Low |
| GCP_CIS12_6_2_8 | Automated | Automated | Info | lacework-global-280 | 6.2.5 | Automated | Automated | Low |
| GCP_CIS12_6_2_9 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_10 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_11 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_12 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_13 | Manual | Manual | Info | lacework-global-281 | 6.2.6 | Manual | Automated | Low |
| GCP_CIS12_6_2_14 | Automated | Automated | Info | lacework-global-282 | 6.2.7 | Automated | Automated | Medium |
| GCP_CIS12_6_2_15 | Automated | Automated | Info | N/A | N/A | N/A | N/A | N/A |
| GCP_CIS12_6_2_16 | Automated | Automated | Info | lacework-global-283 | 6.2.8 | Automated | Automated | Medium |
| GCP_CIS12_6_3_1 | Automated | Automated | Info | lacework-global-285 | 6.3.1 | Automated | Automated | Medium |
| GCP_CIS12_6_3_2 | Automated | Automated | Info | lacework-global-286 | 6.3.2 | Automated | Automated | Medium |
| GCP_CIS12_6_3_3 | Automated | Automated | Info | lacework-global-287 | 6.3.3 | Automated | Automated | Low |
| GCP_CIS12_6_3_4 | Automated | Automated | Info | lacework-global-288 | 6.3.4 | Automated | Automated | Medium |
| GCP_CIS12_6_3_5 | Automated | Automated | Medium | lacework-global-289 | 6.3.5 | Automated | Automated | Medium |
| GCP_CIS12_6_3_6 | Automated | Automated | Info | lacework-global-290 | 6.3.6 | Automated | Automated | Medium |
| GCP_CIS12_6_3_7 | Automated | Automated | Low | lacework-global-291 | 6.3.7 | Automated | Automated | Medium |
| GCP_CIS12_6_4 | Automated | Automated | High | lacework-global-271 | 6.4 | Automated | Automated | High |
| GCP_CIS12_6_5 | Automated | Automated | Medium | lacework-global-272 | 6.5 | Automated | Automated | Critical |
| GCP_CIS12_6_6 | Automated | Automated | Medium | lacework-global-311 | 6.6 | Automated | Automated | High |
| GCP_CIS12_6_7 | Automated | Automated | Info | lacework-global-273 | 6.7 | Automated | Automated | Medium |
| GCP_CIS12_7_1 | Automated | Automated | Info | lacework-global-292 | 7.1 | Manual | Automated | Critical |
| GCP_CIS12_7_2 | Automated | Automated | Low | lacework-global-313 | 7.2 | Automated | Automated | Medium |
| GCP_CIS12_7_3 | Automated | Automated | Low | lacework-global-314 | 7.3 | Manual | Automated | Medium |
Additional Notes
Anything marked with "N/A" was either not included in the CIS 1.3.0 benchmark or merged with another control ID.
New Policies in CIS GCP 1.3.0
All the new v1.3.0 policies (that were not in v1.2.0) are listed in the table below:
| CIS Control ID and Title | Lacework Policy ID | CIS Assessment Type | Lacework Assessment Type | Severity |
|---|---|---|---|---|
| 1.16 Ensure Essential Contacts is Configured for Organization | lacework-global-243 | Automated | Manual | Medium |
| 1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | lacework-global-297 | Automated | Automated | Medium |
| 1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager | lacework-global-244 | Manual | Manual | Medium |
| 2.13 Ensure Cloud Asset Inventory Is Enabled | lacework-global-256 | Automated | Automated | Medium |
| 2.14 Ensure 'Access Transparency' is 'Enabled' | lacework-global-257 | Manual | Manual | Medium |
| 2.15 Ensure 'Access Approval' is 'Enabled' | lacework-global-299 | Automated | Manual | Medium |
| 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects | lacework-global-309 | Manual | Manual | Medium |
| 6.2.9 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | lacework-global-284 | Automated | Automated | Medium |