Ensure that multi-factor authentication is enabled for all non-service accounts

Risk Level: High
GCP IAM User
Rule ID: D9.GCP.IAM.03
Category: Security, Identity, & Compliance
Setup multi-factor authentication for Google Cloud Platform accounts. Multi-factor authentication requires more than one mechanism to authenticate a user. This secures your logins from attackers exploiting stolen or weak credentials.

gsl logic

GcpIamUser should have userData.isEnforcedIn2Sv=true

Dome9 rules are powered by the Governance Specification Language (GSL). GSL allows our customers to write and run custom security and compliance checks that can be easily read

Learn more:
Compliance Engine
GSL Language

Remediation


From Portal:
1. Go to Cloud Identity and Access Management (IAM) dashboard at https://console.cloud.google.com/iam-admin/iam.
2. Choose the PERMISSIONS tab, then select View by PRINCIPALS
3. Copy the email address of the user account that you want to examine
4. Go to Google Account console at https://myaccount.google.com and sign in using the email address copied at the previous step to access the appropriate user account.
5. In the navigation bar, select Security.
6. On the Security page, in the Signing in to Google section, check 2-Step Verification configuration setting status. set the status to On.
7. Repeat steps no. 3 – 6 for each user account that you want to examine, created for the selected GCP project.



Note: if the role fails because the IAMUser userData is null -
1. It might be because you didn't connect your Google Workspace (G-Suite) account to CloudGuard.
This can be done through CloudGuard console -> Assets -> Environments -> -> Add GSuite
2. The IAMUser is not part of your organization - which is not recommended, and probably should be removed from your GCP.

Reference:
1. Guide for users to enable MFA: https://support.google.com/accounts/answer/185839
2. https://cloud.google.com/identity/solutions/enforce-mfa
3. https://support.google.com/a/answer/9176657

GCP IAM User

An IAM user is an entity that you create in GCP to represent the person or service that uses it to interact with GCP.

Compliance Frameworks

HIPAA BP_0318