Security Controls
Security Review Issue id is https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/441
- see Security Foundations Blueprint - https://cloud.google.com/architecture/security-foundations and https://cloud.google.com/architecture/security-foundations/printable
- compliant with NIST-800-53 - https://cloud.google.com/security/compliance/nist800-53 - see https://cloud.google.com/security/solutions/security-foundation
- see upstream repository https://github.com/terraform-google-modules/terraform-example-foundation
- see LZ V2 (managed clients only) https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/wiki/Security_Controls
- see LZ V1 (deprecated TEF V1 version) - https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/z_2024_v020_pre_tef_v4/docs/google-cloud-security-controls.md
- specifically this set of 66 controls https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/z_2024_v020_pre_tef_v4/docs/google-cloud-security-controls.md#mandatory-security-controls-list
- check ssm
- reference https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/440

- https://wiki.gccollab.ca/images/9/9d/Network_Security_Zoning_Reference_Architecture.pdf
- slide 18/19 GoC profile 1-6 https://wiki.gccollab.ca/images/7/75/GC_Cloud_Connection_Patterns.pdf
- https://services.google.com/fh/files/misc/googlecloud_european_commitments_whitepaper.pdf
- https://cloud.google.com/architecture/fedramp-implementation-guide
- https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-firewall-plus-with-intrusion-prevention
- https://cloud.google.com/blog/topics/developers-practitioners/zero-trust-and-beyondcorp-google-cloud
- https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts
- https://cloud.google.com/vpc/docs/private-service-connect
- https://cloud.google.com/distributed-cloud/edge/latest/docs/how-it-works
- https://cloud.google.com/architecture/security-foundations/operation-best-practices#plan-breakglass
- https://cloud.google.com/armor/docs/advanced-network-ddos#preview-mode
- https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance
- https://cloud.google.com/architecture/configure-networks-fedramp-dod-google-cloud