Data protection

Storage bucket without uniform bucket-level access

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GCP CIS, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

We have found a bucket ({GcpStorageBucket}) without uniform bucket-level access enabled. Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.