gcp-review
GCP Security Posture Review
Overview
This skill performs a structured security assessment of Google Cloud Platform environments against the CIS Google Cloud Platform Foundation Benchmark v2.0.0. The benchmark is organized into seven sections covering identity and access management, logging and monitoring, networking, virtual machines, storage, Cloud SQL, and BigQuery. Each recommendation is evaluated by inspecting infrastructure-as-code definitions (Terraform, Deployment Manager), gcloud CLI output, or configuration files available in the repository.
The CIS GCP Foundation Benchmark v2.0.0 provides prescriptive guidance for hardening GCP projects and organizations. This skill evaluates each applicable control and produces a findings report with CIS recommendation IDs, severity ratings, and actionable remediation steps.
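One way to evaluate a Terraform plan (the JSON from `terraform show -json`) and emit findings in the shape described above, as an added example that is not part of this skill's own code. The CIS IDs attached to each check (3.6, 3.7, 5.1), the severity values, and the function names are assumptions of this example; only root-module resources and the IPv4 range `0.0.0.0/0` are examined.

```python
import json

# Constructed sample shaped like `terraform show -json` output (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "google_compute_firewall.ssh", "type": "google_compute_firewall",
   "values": {"direction": "INGRESS", "disabled": false, "source_ranges": ["0.0.0.0/0"],
              "allow": [{"protocol": "tcp", "ports": ["20-25", "443"]}]}},
  {"address": "google_compute_firewall.web", "type": "google_compute_firewall",
   "values": {"direction": "INGRESS", "disabled": false, "source_ranges": ["0.0.0.0/0"],
              "allow": [{"protocol": "tcp", "ports": ["443"]}]}},
  {"address": "google_storage_bucket_iam_member.pub", "type": "google_storage_bucket_iam_member",
   "values": {"bucket": "example-assets", "role": "roles/storage.objectViewer", "member": "allUsers"}}
]}}}
""")

# Assumed mapping of admin port to CIS ID (SSH, RDP); severities below are this example's choice.
ADMIN_PORTS = {22: "3.6", 3389: "3.7"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def port_allowed(rule, port):
    """True if one firewall `allow` block covers the TCP port, including ranges like '20-25'."""
    if rule.get("protocol") not in ("tcp", "all"):
        return False
    ports = rule.get("ports") or []
    if not ports:  # no ports listed means every port of that protocol
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def review(plan):
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        v = res["values"]
        if res["type"] == "google_compute_firewall":
            open_ingress = (v.get("direction", "INGRESS") == "INGRESS" and not v.get("disabled")
                            and "0.0.0.0/0" in (v.get("source_ranges") or []))
            for port, cis_id in ADMIN_PORTS.items():
                if open_ingress and any(port_allowed(a, port) for a in v.get("allow") or []):
                    findings.append({"cis": cis_id, "severity": "high", "resource": res["address"],
                                     "remediation": f"Restrict source_ranges for tcp/{port}"})
        elif res["type"] == "google_storage_bucket_iam_member" and v.get("member") in PUBLIC_MEMBERS:
            findings.append({"cis": "5.1", "severity": "high", "resource": res["address"],
                             "remediation": "Remove the public member from the bucket binding"})
    return findings
```

The first sample rule never names port 22 but still matches through the `20-25` range, which a plain string search for `"22"` would miss.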
When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
- Reviewing GCP infrastructure-as-code before deployment
- Assessing an existing GCP environment's security posture against CIS benchmarks
- Preparing for a CIS benchmark audit or compliance assessment
- Evaluating IAM bindings, org policies, VPC firewall rules, Cloud Audit Logs, or GCS bucket configurations
- Onboarding a new GCP project or organization into a security program