CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

Today, CISA released the draft Secure Cloud Business Applications Google Workspace Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment.
The ScubaGoggles tool assesses GWS tenants' compliance against the baselines.
Federal agencies and other organizations are invited to adopt the draft baselines in their GWS environments, tailor them to reflect their own unique needs and risk tolerances, and then share their experiences with CISA during the public comment period, which closes Jan. 12, 2024.
Comments will ensure that the final published baselines are clear, feasible, and effective.
The draft SCuBA GWS Secure Configuration Baselines is the latest offering from CISA's SCuBA project, dedicated to securing data stored in the cloud through additional configurations, settings, and security products.
These baselines are created in accordance with Executive Order 14028 to provide enhanced visibility into cloud security.
This product is provided subject to this Notification and this Privacy & Use policy.


This Cyber News was published on www.cisa.gov. Publication date: Tue, 12 Dec 2023 14:13:10 +0000


Cyber News related to CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
11 months ago Cisa.gov
CISA Asks on Google Workspace Secure Configuration Baselines - In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency unveils the Secure Cloud Business Applications Google Workspace Secure Configuration Baselines. This architectural marvel establishes a ...
11 months ago Gbhackers.com
CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
11 months ago Cisa.gov
CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines - The US cybersecurity agency CISA on Tuesday released draft guidance and capabilities for federal agencies to securely use Google Workspace services. The proposed materials, for which CISA is seeking public comment, include Secure Cloud Business ...
11 months ago Securityweek.com
CISA Unveils Tools to Strengthen Google Cloud Services - As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, ...
11 months ago Securityboulevard.com
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment - Today, CISA released the draft Secure Cloud Business Applications Google Workspace Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The ScubaGoggles tool assesses GWS tenants' compliance against the ...
11 months ago Cisa.gov
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool - CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 cloud services. This guidance release is accompanied by the updated SCuBAGear tool that ...
11 months ago Cisa.gov
Google Workspace Marketplace: 4 Tips for Choosing the Best Apps - An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. We may be compensated by vendors who appear on this page through methods such as ...
11 months ago Techrepublic.com
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
1 year ago Darkreading.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
7 months ago Techrepublic.com
CISA Publishes SCuBA Hybrid Identity Solutions Guidance - CISA has published Secure Cloud Business Applications Hybrid Identity Solutions Guidance to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based ...
8 months ago Cisa.gov
DeleFriend Weakness Puts Google Workspace Security at Risk - Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named "DeleFriend" by Hunters' Team Axon, the vulnerability could potentially expose Google Workspace to unauthorized access and privilege ...
1 year ago Infosecurity-magazine.com
Denmark orders schools to stop sending student data to Google - The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention ...
9 months ago Bleepingcomputer.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
11 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
8 months ago Securityweek.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
11 months ago Cisa.gov
Google Workspace Announced New Password Policies, What is Changing - Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. Google Workspace has announced new password policies that will impact how users and third-party ...
2 months ago Gbhackers.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
8 months ago Techtarget.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
6 months ago Cisa.gov
CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
11 months ago Cisa.gov
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
10 months ago Cysecurity.news
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
11 months ago Go.theregister.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
11 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)