Ensure Essential Contacts is Configured for Organization

To resolve this issue, you either need to set contacts for each of the following categories:

• Legal
• Security
• Suspension
• Technical
• Technical Incidents

Or have a contact set for the All category

** From Google Cloud Console **

1. Go to Essential Contacts by visiting https://console.cloud.google.com/iam- admin/essential-contacts
2. Make sure the organization appears in the resource selector at the top of the page. The resource selector tells you what project, folder, or organization you are currently managing contacts for.
3. Click + Add contact
4. In the Email and Confirm Email fields, enter the email address of the contact.
5. From the Notification categories drop-down menu, select the notification categories that you want the contact to receive communications for.
6. Click Save

** From Google Cloud CLI **

Run the following command:

 gcloud essential-contacts create --email="" \ --notification-categories="" \ --organization=

Service-wide remediation

Recommended when many resources are affected: fix the platform baseline first so new resources inherit the secure setting, then remediate the existing flagged resources in batches.

Google Cloud

Use organization or folder policies where available, shared project templates, logs and alerting baselines, and IaC modules so new resources inherit the secure setting.

Operational rollout

1. Fix the baseline first at the account, subscription, project, cluster, or tenant scope that owns this control.
2. Remediate the currently affected resources in batches, starting with internet-exposed and production assets.
3. Re-scan and track approved exceptions with an owner and expiry date.