data.yaml

metadata:
  id: e06f9ef1-eedb-5f95-b8d4-36d27d602afd
  name: Ensure Legacy Networks Do Not Exist for Older Projects
  profile_applicability: '* Level 1'
  description: |-
    In order to prevent use of legacy networks, a project should not have a legacy network configured.
    As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them.
    This recommendation is to check older projects to ensure that they are not using Legacy Networks.
  rationale: |-
    Legacy networks have a single network IPv4 prefix range and a single gateway IP address for the whole network.
    The network is global in scope and spans all cloud regions.
    Subnetworks cannot be created in a legacy network and are unable to switch from legacy to auto or custom subnet networks.
    Legacy networks can have an impact for high network traffic projects and are subject to a single point of contention or failure.
  audit: |-
    **From Google Cloud CLI**

    For each Google Cloud Platform project,

    1. Set the project name in the Google Cloud Shell:
    ```

    gcloud config set project <Project-ID> 
    ```
    2. List the networks configured in that project:
    ```

    gcloud compute networks list 
    ```
    None of the listed networks should be in the `legacy` mode.
  remediation: |-
    **From Google Cloud CLI**

    For each Google Cloud Platform project,

    1. Follow the documentation and create a non-legacy network suitable for the organization's requirements.

    2. Follow the documentation and delete the networks in the `legacy` mode.
  impact: None.
  default_value: ''
  references: |-
    1. https://cloud.google.com/vpc/docs/using-legacy#creating_a_legacy_network
    2. https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network
  section: Networking
  version: '1.0'
  tags:
  - CIS
  - GCP
  - CIS 3.2
  - Networking
  benchmark:
    name: CIS Google Cloud Platform Foundation
    version: v2.0.0
    id: cis_gcp
    rule_number: '3.2'
    posture_type: cspm