Add RBI Cyber Security Framework compliance for GCP fixes #8783

2026-04-03 05:55:54 +00:00 · 2026-03-15 10:32:07 -04:00
parent 22f79edec5
commit d778a7589c
1 changed files with 128 additions and 0 deletions
--- a/prowler/compliance/gcp/rbi_cyber_security_framework_gcp.json
+++ b/prowler/compliance/gcp/rbi_cyber_security_framework_gcp.json
@@ -0,0 +1,128 @@
+{
+  "Framework": "RBI-Cyber-Security-Framework",
+  "Name": "Reserve Bank of India (RBI) Cyber Security Framework for GCP",
+  "Version": "",
+  "Provider": "GCP",
+  "Description": "The Reserve Bank of India (RBI) Cyber Security Framework prescribes baseline cyber security controls for banks and financial institutions. This framework maps RBI requirements to Google Cloud Platform (GCP) security best practices.",
+  "Requirements": [
+    {
+      "Id": "annex_i_1_1",
+      "Name": "Annex I (1.1)",
+      "Description": "Maintain an up-to-date business IT Asset Inventory Register containing details of IT assets, systems where customer data are stored, associated business applications, and criticality of IT assets.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_1_1",
+          "Section": "Annex I - Inventory Management",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "iam_cloud_asset_inventory_enabled",
+        "securitycenter_security_health_analytics_enabled"
+      ]
+    },
+    {
+      "Id": "annex_i_1_3",
+      "Name": "Annex I (1.3)",
+      "Description": "Appropriately manage and provide protection within and outside the network, keeping in mind how data is stored, transmitted, processed, accessed and put to use, and the level of risk based on sensitivity of the data.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_1_3",
+          "Section": "Annex I - Data Protection",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "cloudstorage_bucket_encryption",
+        "cloudstorage_bucket_public_access",
+        "cloudstorage_bucket_uniform_access",
+        "cloudsql_instance_encryption_enabled",
+        "cloudsql_instance_public_access",
+        "compute_instance_public_ip",
+        "compute_disk_encryption_enabled",
+        "compute_firewall_rdp_access_from_internet_restricted",
+        "compute_firewall_ssh_access_from_internet_restricted",
+        "kms_key_rotation_enabled",
+        "bigquery_dataset_public_access",
+        "bigquery_dataset_cmek_encryption",
+        "gke_cluster_private_cluster_enabled",
+        "gke_cluster_master_authorized_networks_enabled"
+      ]
+    },
+    {
+      "Id": "annex_i_5_1",
+      "Name": "Annex I (5.1)",
+      "Description": "Firewall configurations should be set to the highest security level and evaluation of critical device configurations should be done periodically.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_5_1",
+          "Section": "Annex I - Network Security",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "compute_firewall_rdp_access_from_internet_restricted",
+        "compute_firewall_ssh_access_from_internet_restricted",
+        "compute_network_legacy_network_not_used",
+        "dns_managed_zones_dnssec_enabled"
+      ]
+    },
+    {
+      "Id": "annex_i_7_1",
+      "Name": "Annex I (7.1)",
+      "Description": "Implement and maintain access control measures to ensure that access to sensitive data and systems is restricted to authorized personnel only.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_7_1",
+          "Section": "Annex I - Access Control",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "iam_sa_no_administrative_privileges",
+        "iam_no_service_roles_at_project_level",
+        "iam_user_mfa_enabled_all_users",
+        "iam_admin_service_account_not_used_for_instances",
+        "essentialcontacts_security_contacts_configured"
+      ]
+    },
+    {
+      "Id": "annex_i_8_1",
+      "Name": "Annex I (8.1)",
+      "Description": "Implement audit trails and logging mechanisms to monitor and record all access to critical systems and sensitive data.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_8_1",
+          "Section": "Annex I - Audit and Logging",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "logging_sink_created",
+        "logging_bucket_retention_policy_set",
+        "logging_storage_bucket_lock_retention_policy_enabled",
+        "audit_logging_admin_activity_enabled",
+        "audit_logging_data_read_enabled",
+        "audit_logging_data_write_enabled"
+      ]
+    },
+    {
+      "Id": "annex_i_10_1",
+      "Name": "Annex I (10.1)",
+      "Description": "Implement mechanisms for early detection of cyber threats and incidents, including vulnerability assessments and penetration testing.",
+      "Attributes": [
+        {
+          "ItemId": "annex_i_10_1",
+          "Section": "Annex I - Threat Detection",
+          "Service": "gcp"
+        }
+      ],
+      "Checks": [
+        "securitycenter_security_health_analytics_enabled",
+        "securitycenter_web_security_scanner_enabled",
+        "compute_instance_oslogin_enabled",
+        "gke_cluster_binary_authorization_enabled"
+      ]
+    }
+  ]
+}