You can create a custom compliance framework in Audit Manager in the following two ways:
- Create a new custom compliance framework.
- Create a custom compliance framework from an existing compliance framework.
Before you begin
Ensure that you have the Audit Manager Custom Compliance Framework Admin (roles/auditmanager.ccfAdmin) IAM role.
Create a new custom compliance framework
In the Google Cloud console, go to the Audit Manager page.
Click Frameworks.
A list of built-in compliance frameworks is displayed on the Frameworks page.
On the Frameworks page, click Create framework.
In the Basic information section, do the following:
In the Name field, enter a name for the compliance framework. The name must meet the following requirements:
- Be unique.
- Be 1-63 characters in length.
- Match the regular expression ^[a-z]([-a-z0-9]*[a-z0-9])?. This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.
In the Description field, enter the description of the compliance framework.
Click Continue.
In the Control selection section, select the regulatory and Google Cloud defined cloud controls to add to your compliance framework. You can copy cloud controls from an existing compliance framework, add individual cloud controls, or both.
To copy cloud controls from an existing compliance framework, click Select framework to copy. In the Select framework to copy pane, select the built-in or custom compliance frameworks that you want, and then click Add.
To add individual cloud controls, click Add controls. Select one or more cloud controls that you want, and then click Select. All the selected controls are displayed in the Selected controls table.
Click Continue.
In the Specify parameter section, some of the selected controls might require one or more of the following parameter inputs. If prompted, enter the required value types and values according to the displayed parameters.
- Location: Specify location boundaries for your resources. For more information, see Restricting resource locations.
- Allowed Services: Specify hierarchical restrictions on Google Cloud resource services within a resource container, such as an organization, a folder, or a project. For more information, see Restricting resource usage.
- Services Requiring CMEK: Specify restrictions on the creation of certain Google Cloud services without the presence of a customer-managed encryption key (CMEK). For more information, see CMEK organization policies.
Click Continue.
In the Review section, verify the compliance framework configuration, and then click Create.
The custom compliance framework is created.
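The following added example (not part of the original page or of Audit Manager) checks a proposed framework name against the Name field requirements above before you enter it in the console. The function name check_framework_name and the existing_names argument are assumptions; the caller supplies the list of framework names already in use.

```python
import re

# Pattern exactly as given on the page. It has no end anchor, so the check
# uses fullmatch(): a plain match() would accept "hipaa-" by matching only
# the prefix "hipaa".
NAME_PATTERN = re.compile(r"^[a-z]([-a-z0-9]*[a-z0-9])?")
MAX_LEN = 63


def check_framework_name(name, existing_names=()):
    """Return a list of rule violations; an empty list means the name passes."""
    problems = []
    if not 1 <= len(name) <= MAX_LEN:
        problems.append(f"length {len(name)} is outside 1-{MAX_LEN}")
    if name and not NAME_PATTERN.fullmatch(name):
        # Break the regex failure down into the rules the page describes.
        if not "a" <= name[0] <= "z":
            problems.append("first character must be a lowercase letter")
        if name.endswith("-"):
            problems.append("last character cannot be a hyphen")
        bad = sorted(set(re.findall(r"[^-a-z0-9]", name)))
        if bad:
            problems.append("disallowed characters: " + " ".join(map(repr, bad)))
    # Uniqueness is checked against names supplied by the caller (assumption).
    if name in existing_names:
        problems.append("name is already used by another framework")
    return problems


if __name__ == "__main__":
    # Constructed sample data, not real framework names.
    in_use = {"iso27001"}
    for candidate in ["pci-baseline-2024", "PCI-Baseline", "hipaa-",
                      "a" * 64, "iso27001"]:
        result = check_framework_name(candidate, in_use)
        print(candidate[:20], "->", result or "OK")
```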
Create a custom compliance framework from an existing compliance framework
In the Google Cloud console, go to the Audit Manager page.
Click Frameworks.
The following two tabs are displayed on the Frameworks page. You can create a compliance framework from a built-in or an existing custom compliance framework.
- Built-in
- Custom
Select the required tab.
Locate the compliance framework you want to copy, click More options, and then click Copy to create new framework. Alternatively, you can click the compliance framework name in the Name column, and then click Copy to create new framework. The Create new framework page is displayed.
The name and description of the compliance framework are displayed in the Basic information section. Modify the fields as needed, and then click Continue.
The selected cloud controls are displayed in the Control selection section. Add or remove the cloud controls as needed, and then click Continue.
The parameter values and value types are displayed in the Specify parameter section. Modify the fields as needed, and then click Continue.
Verify the compliance framework configuration in the Review section, and then click Create.
The custom compliance framework is created.