Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. The ScubaGoggles tool assesses GWS tenants' compliance against the baselines.
Federal agencies and other organizations are invited to adopt the draft baselines in their GWS environments, tailor them to reflect their own unique needs and risk tolerances, and then share their experiences with CISA during the public comment period, which closes Jan. 12, 2024. Comments will ensure that the final published baselines are clear, feasible, and effective.
The draft SCuBA GWS Secure Configuration Baselines is the latest offering from CISA’s SCuBA project, dedicated to securing data stored in the cloud through additional configurations, settings, and security products. These baselines are created in accordance with Executive Order 14028 to provide enhanced visibility into cloud security.
Comment on SCuBA GWS Secure Configuration Baselines by Jan. 12, 2024. For more information, read CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace and visit CISA’s SCuBA project page.
Read more... Alerts