Google cloud general policies

Ensure GCP VM disks are encrypted with CSEKs

Ensure boot disks for instances use CSEKs

Ensure compute instances launch with shielded VM enabled

Ensure GCP KMS encryption key is rotating every 90 days

Ensure incoming connections to Cloud SQL database instances use SSL

Ensure Cloud SQL database instances have backup configuration enabled

Ensure GCP BigQuery dataset is not publicly accessible

Ensure there are only GCP-managed service account keys for each service account

Ensure Cloud KMS cryptokeys are not anonymously or publicly accessible

Ensure GCP resources that support labels have Labels