Policy Templates for GCR
Google Container Registry (GCR)
Policy Templates for Container Security are used with Google Container Registry (GCR).
For instructions on how to find Policy templates that are new or updated due to changed recommendations, see Find New and Updated Policy Templates.
| Policy Name | Resource | Benchmark | PCI DSS | HIPAA | NIST 800-53 | Policy Description |
|---|---|---|---|---|---|---|
| GCR: Registries should not be exposed to everyone/ publicly for push actions | GCR | Yes | SC-6, Resource Availability | Registry push actions should not be allowed to everyone | ||
| GCR: Registries should not be exposed to everyone/ publicly for pull actions | GCR | Yes | SI-7, Software, Firmware, and Information Integrity. | Registry pull actions should not be allowed to everyone | ||
| GCR: Registries should not be exposed to everyone/ publicly for push actions | GCR | Yes | SI-7, Software, Firmware, and Information Integrity. | Registry push actions should not be allowed to everyone | ||
| GCR: Image Registry should not have more than 200 repositories | GCR | Yes | SC-6, Resource Availability | Image Registry should not have more than 200 repositories | ||
| GCR: Users should not be granted FullAccess GCR Permission | GCR | Yes | 3.2.3 Insufficient authentication and authorization restrictions | IAM Policies are not recommended to be associated with GCR Full Access Permissions |