GCP Policies
GCP Policies define security controls and assessment rules tailored for cloud-based identity and resource environments.
These policies focus on analyzing identity-related risks, role assignments, authentication configurations, and access control mechanisms within GCP.
By using GCP-specific policies, FSProtect helps identify privilege misuse, risky identity configurations, and exposure points in modern cloud identity infrastructures.
Edit Scan Policy (GCP)
This section allows users to configure scan settings specific to GCP environments, including enabled modules, exclusions, and scan options.
Vulnerability Policies and Tiering (GCP)
This section defines vulnerability policies and tiering configurations specific to GCP environments. Vulnerability policies determine which GCP-specific security checks are executed during the scan, while tiering helps identify critical cloud identities and roles based on their potential security impact.
GCP Scan Modules
GCP Assessment: This module enables users to identify and evaluate vulnerabilities, misconfigurations, and security risks within their GCP environment, including IAM, resources, roles, and permissions. It provides deep visibility into the cloud configuration and access relationships across projects, folders, and organizations. As a core component of the engine for cloud-based assessments, this module is a mandatory option. When it is the only enabled module in the scan policy, the engine communicates solely with GCP services and APIs, without interacting with on-premises infrastructure.
Tier 0 Assets (GCP)
Tier 0 Assets settings allow users to designate critical GCP identities as privileged. Selected GCP users, groups, service accounts, and roles are treated as high-impact identities and are prioritized during privilege exposure and attack path analysis. Identities marked as Tier 0 Assets represent potential organization-level compromise if misused or exposed.
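An added example, not part of FSProtect or its documentation: one way to build a candidate list of users, groups, and service accounts to review for Tier 0 designation from exported IAM policies. The role set, resource names, and sample policies are constructed assumptions; the JSON follows the bindings shape of a GCP IAM policy.

```python
import json
from collections import defaultdict

# Assumption: a starting set of high-impact predefined roles; adjust per organization.
TIER0_ROLES = {"roles/owner", "roles/resourcemanager.organizationAdmin",
               "roles/iam.securityAdmin", "roles/iam.serviceAccountTokenCreator"}

# Constructed sample: IAM policies keyed by the resource they are attached to.
SAMPLE_POLICIES = json.loads("""
{"organizations/111111111111": {"bindings": [
   {"role": "roles/resourcemanager.organizationAdmin",
    "members": ["user:alice@example.com", "group:cloud-admins@example.com"]},
   {"role": "roles/viewer", "members": ["user:bob@example.com"]}]},
 "projects/demo-prod": {"bindings": [
   {"role": "roles/owner",
    "members": ["serviceAccount:ci@demo-prod.iam.gserviceaccount.com",
                "deleted:user:old@example.com?uid=123456789"]},
   {"role": "roles/iam.serviceAccountTokenCreator", "members": ["user:alice@example.com"],
    "condition": {"title": "temp", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}]}}
""")

def tier0_candidates(policies, tier0_roles=TIER0_ROLES):
    """Return {principal: [(resource, role, is_conditional), ...]} for Tier 0 roles."""
    found = defaultdict(list)
    for resource, policy in policies.items():
        for binding in policy.get("bindings", []):
            if binding["role"] not in tier0_roles:
                continue
            for member in binding.get("members", []):
                if member.startswith("deleted:"):
                    continue  # stale binding to a deleted principal; clean up separately
                found[member].append((resource, binding["role"], "condition" in binding))
    return dict(found)

def by_kind(candidates):
    """Group principals by their type prefix: user, group, serviceAccount."""
    kinds = defaultdict(list)
    for member in sorted(candidates):
        kinds[member.split(":", 1)[0]].append(member)
    return dict(kinds)

if __name__ == "__main__":
    for kind, members in by_kind(tier0_candidates(SAMPLE_POLICIES)).items():
        print(kind, members)
```

Conditional bindings are reported with a flag rather than dropped, since a time-limited or scoped grant of a high-impact role is still worth reviewing.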