Do we have any open source security benchmarks for Google Cloud apart from CIS benchmarks? Generally, how is pen-testing done for cloud infrastructure?

crewy_stack

1 Answer

I don't know of any other open source benchmark, but according to the security compliance doc, the certifications and compliance standards for GCP are ISO/IEC 27001, HIPAA, FedRAMP, SOC 1.

About the pen testing: according to this other doc, you are not required to contact Google to begin testing. But you need to stick to the Acceptable Use Policy and the Terms of Service and only affect your own projects.

In case it's useful, there is also a white paper with more info.

Andres S