Skip to content
This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

Commit

Permalink
changes to section 1
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikiodehartj1 @jzolo22
mikiodehartj1 authored and jzolo22 committed Dec 21, 2023
1 parent 7db4f46 commit cc222a2
Showing 1 changed file with 26 additions and 0 deletions.
26 changes: 26 additions & 0 deletions jupiterone/questions/questions.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -589,6 +589,32 @@ questions:
requirements:
- '1.18'

- id: integration-question-google-dataproc-cmek
title: Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
description: >
When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key encryption key (KEK). Google still controls the data encryption key (DEK).
queries:
- name: good
query: |
FIND google_dataproc_cluster WITH encrypted = true AND kmsKeyName ~= "cmek"
- name: bad
query: |
FIND google_dataproc_cluster WITH encrypted != true OR kmsKeyName !~= "cmek"
tags:
- google-cloud
- customer-managed-encryption-key
- encryption
compliance:
- standard: CIS Google Cloud Foundations 1.1
requirements:
- '1.17'
- standard: CIS Google Cloud Platform Foundation Benchmark 1.3
requirements:
- '1.17'
- standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
requirements:
- '1.17'

- id: integration-question-google-cloud-iam-all-user-policies
title: Which policies are bound to “allUsers” or “allAuthenticatedUsers”?
description: >
Expand Down

0 comments on commit cc222a2

Please sign in to comment.