Skip to main content

Lacework for Google Cloud FAQ

Compliance

How do I start using the Google Cloud CIS benchmarks in the Compliance Reports?

See Google Cloud Assessments for instructions on how to enable the latest available benchmarks for your Google Cloud environment.

Why do some benchmark rules show a 'Manual' status in the Compliance Reports?

Lacework automates your Compliance rules where it is possible to do so, but some rules cannot be automated. The reasons for this can vary:

  • Scope is defined by the user.
  • It requires configuring other products or API permissions that are out of scope through the Google Cloud integration with Lacework.
  • Known issues for audit procedure described by CIS control rule.

There are certain rules that require manual intervention even when the Center for Internet Security (CIS) deemed them as automated. Conversely, Lacework has automated some rules that were deemed manual.

See the Automated vs Manual Rules sections in Google Cloud Assessments for further details on affected rules.

Why are some rules missing when viewing the Google Cloud CIS benchmark reports?

The majority of the Google Cloud CIS benchmark rules are evaluated at the Project level, however, some are evaluated at the Organization level. As such, depending on your level of integration with Google Cloud, these Organization level rules may not display.

In addition, some rules are fully 'Automated' while some are categorized as 'Manual'. 'Manual' rule types cannot be assessed end-to-end by Lacework platform, and must be left to the customer to follow the auditing procedure.