Lacework for GCP FAQ

Compliance

How do I start using the GCP CIS benchmarks in the Compliance Reports?

See GCP Assessments for instructions on how to enable the latest available benchmarks for your GCP environment.

Why do some benchmark rules show a 'Manual' status in the Compliance Reports?

Lacework automates your Compliance rules where it is possible to do so, but some rules cannot be automated. The reasons for this can vary:

  • Scope is defined by the user.
  • The rule requires configuring other products or API permissions that are out of scope for the Azure integration with Lacework.
  • There are known issues with the audit procedure described by the CIS control rule.

Certain rules require manual intervention even though the Center for Internet Security (CIS) deemed them automated. Conversely, Lacework has automated some rules that CIS deemed manual.

See the Automated vs Manual Rules sections in GCP Assessments for further details on affected rules.

Why are some rules missing when viewing the GCP CIS benchmark reports?

The majority of the GCP CIS benchmark rules are evaluated at the Project level; however, some are evaluated at the Organization level. Depending on your level of integration with GCP, these Organization-level rules may not display.

In addition, some rules are fully 'Automated' while others are categorized as 'Manual'. 'Manual' rules cannot be assessed end-to-end by the Lacework platform, so the customer must follow the auditing procedure for them.