GCP Category Changes

pkg/policies/opa/rego/gcp/github_repository/accurics.gcp.IAM.145.json → pkg/policies/opa/rego/gcp/github_repository/AC-GC-IA-GR-M-0001.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Repository is Not Private.",
-    "reference_id": "accurics.gcp.IAM.145",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-GR-M-0001",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_bigquery_dataset/accurics.gcp.IAM.106.json → pkg/policies/opa/rego/gcp/google_bigquery_dataset/AC-GC-IA-BQ-H-0002.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "BigQuery datasets may be anonymously or publicly accessible.",
-    "reference_id": "accurics.gcp.IAM.106",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-BQ-H-0002",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_disk/accurics.gcp.EKM.131.json → pkg/policies/opa/rego/gcp/google_compute_disk/AC-GC-DP-CD-M-0003.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "accurics.gcp.EKM.131",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-DP-CD-M-0003",
+    "category": "Data Protection",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.EKM.132.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-DP-CI-M-0196.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "VM disks attached to a compute instance should be encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "accurics.gcp.EKM.132",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-DP-CI-M-0196",
+    "category": "Data Protection",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.124.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IA-CI-M-0191.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "accurics.gcp.IAM.124",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CI-M-0191",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.128.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IA-CI-M-0193.json

@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that no instance in the project overrides the project setting for enabling OSLogin",
-    "reference_id": "accurics.gcp.IAM.128",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CI-M-0193",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.125.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IS-CI-H-0190.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "accurics.gcp.NS.125",
-    "category": "Access Control",
+    "reference_id": "AC-GC-IS-CI-H-0190",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.126.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IS-CI-M-0192.json

@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Block Project-wide SSH keys' is enabled for VM instances.",
-    "reference_id": "accurics.gcp.NS.126",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0192",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.129.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IS-CI-M-0194.json

@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Enable connecting to serial ports' is not enabled for VM instances.",
-    "reference_id": "accurics.gcp.NS.129",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0194",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IS-CI-M-0195.json

@@ -8,7 +8,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure IP forwarding is not enabled on Instances.",
-    "reference_id": "accurics.gcp.NS.130",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0195",
+    "category": "Infrastructure Security",
     "version": 1
-}
+}

pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.133.json → pkg/policies/opa/rego/gcp/google_compute_instance/AC-GC-IS-CI-M-0197.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Compute instances are launched with Shielded VM enabled.",
-    "reference_id": "accurics.gcp.NS.133",
-    "category": "Network Security ",
+    "reference_id": "AC-GC-IS-CI-M-0197",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_ssl_policy/accurics.gcp.EKM.134.json → pkg/policies/opa/rego/gcp/google_compute_ssl_policy/AC-GC-IS-CP-M-0198.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites.",
-    "reference_id": "accurics.gcp.EKM.134",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-IS-CP-M-0198",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_compute_subnetwork/accurics.gcp.LOG.118.json → pkg/policies/opa/rego/gcp/google_compute_subnetwork/AC-GC-LM-CS-M-0199.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network.",
-    "reference_id": "accurics.gcp.LOG.118",
-    "category": "Logging ",
+    "reference_id": "AC-GC-LM-CS-M-0199",
+    "category": "Logging and Monitoring",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.115.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-CV-CC-H-0207.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Alias IP ranges enabled",
-    "reference_id": "accurics.gcp.OPS.115",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0207",
+    "category": "Compliance Validation",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.116.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-CV-CC-H-0210.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.OPS.116",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0210",
+    "category": "Compliance Validation",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.113.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-CV-CC-H-0213.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Clusters are configured with Labels.",
-    "reference_id": "accurics.gcp.OPS.113",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0213",
+    "category": "Compliance Validation",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.142.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IA-CC-H-0204.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Legacy Authorization is set to disabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.IAM.142",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0204",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.104.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IA-CC-H-0208.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Client Certificate disabled.",
-    "reference_id": "accurics.gcp.IAM.104",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0208",
+    "category": "Identity and Access Management",
     "version": 1
-}
+}

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.110.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IA-CC-H-0211.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE basic auth is disabled.",
-    "reference_id": "accurics.gcp.IAM.110",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0211",
+    "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.112.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IS-CC-H-0205.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Master Authentication is set to enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.NS.112",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0205",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.103.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IS-CC-H-0206.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Network policy is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.NS.103",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0206",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.109.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IS-CC-H-0209.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE Control Plane is not public.",
-    "reference_id": "accurics.gcp.NS.109",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0209",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.117.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-IS-CC-H-0212.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Private cluster enabled.",
-    "reference_id": "accurics.gcp.NS.117",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0212",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.LOG.100.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-LM-CC-H-0202.json

@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Logging is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.LOG.100",
-    "category": "Logging",
+    "reference_id": "AC-GC-LM-CC-H-0202",
+    "category": "Logging and Monitoring",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.MON.143.json → pkg/policies/opa/rego/gcp/google_container_cluster/AC-GC-LM-CC-H-0203.json

@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Monitoring is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.MON.143",
-    "category": "Monitoring",
+    "reference_id": "AC-GC-LM-CC-H-0203",
+    "category": "Logging and Monitoring",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.114.json → pkg/policies/opa/rego/gcp/google_container_node_pool/AC-GC-CV-CN-H-0216.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.",
-    "reference_id": "accurics.gcp.OPS.114",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CN-H-0216",
+    "category": "Compliance Validation",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.101.json → pkg/policies/opa/rego/gcp/google_container_node_pool/AC-GC-SP-CN-H-0215.json

@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters.",
-    "reference_id": "accurics.gcp.OPS.101",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-SP-CN-H-0215",
+    "category": "Security Best Practices",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.144.json → pkg/policies/opa/rego/gcp/google_container_node_pool/AC-GC-SP-CN-M-0217.json

@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Automatic node repair' is enabled for Kubernetes Clusters.",
-    "reference_id": "accurics.gcp.OPS.144",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-SP-CN-M-0217",
+    "category": "Security Best Practices",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.NS.107.json → pkg/policies/opa/rego/gcp/google_dns_managed_zone/AC-GC-IS-DZ-H-0218.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that DNSSEC is enabled for Cloud DNS.",
-    "reference_id": "accurics.gcp.NS.107",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-DZ-H-0218",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.EKM.108.json → pkg/policies/opa/rego/gcp/google_dns_managed_zone/AC-GC-IS-DZ-H-0219.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC.",
-    "reference_id": "accurics.gcp.EKM.108",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-IS-DZ-H-0219",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.007.json → pkg/policies/opa/rego/gcp/google_kms_crypto_key/AC-GC-SP-KC-H-0220.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Encryption keys are rotated within a period of 365 days.",
-    "reference_id": "accurics.gcp.EKM.007",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-SP-KC-H-0220",
+    "category": "Security Best Practices",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.139.json → pkg/policies/opa/rego/gcp/google_kms_crypto_key/AC-GC-SP-KC-M-0221.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Encryption keys are rotated within a period of 90 days.",
-    "reference_id": "accurics.gcp.EKM.139",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-SP-KC-M-0221",
+    "category": "Security Best Practices",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_project/accurics.gcp.NS.119.json → pkg/policies/opa/rego/gcp/google_project/AC-GC-IS-PR-M-0222.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that the default network does not exist in a project.",
-    "reference_id": "accurics.gcp.NS.119",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-PR-M-0222",
+    "category": "Infrastructure Security",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_project_iam_audit_config/accurics.gcp.LOG.010.json → pkg/policies/opa/rego/gcp/google_project_iam_audit_config/AC-GC-LM-PA-H-0223.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that Cloud Audit Logging is configured properly across all services and all users from a project.",
-    "reference_id": "accurics.gcp.LOG.010",
-    "category": "Logging",
+    "reference_id": "AC-GC-LM-PA-H-0223",
+    "category": "Logging and Monitoring",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.150.json → pkg/policies/opa/rego/gcp/google_project_iam_binding/AC-GC-IA-PB-H-0224.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that corporate login credentials are used instead of Gmail accounts.",
-    "reference_id": "accurics.gcp.IAM.150",
+    "reference_id": "AC-GC-IA-PB-H-0224",
     "category": "Identity and Access Management",
     "version": 1
 }

pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.136.json → pkg/policies/opa/rego/gcp/google_project_iam_binding/AC-GC-IA-PB-M-0225.json

@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level.",
-    "reference_id": "accurics.gcp.IAM.136",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-PB-M-0225",
+    "category": "Identity and Access Management",
     "version": 1
 }