CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace

As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks.
Recent threat activity from groups such as Storm-0558 have demonstrated the importance of hardening email and identity infrastructure, enabling key security capabilities such as logging, and enhancing the security of underlying cloud environments.
The Administration's Executive Order 14028 has accelerated cross-government efforts to advance cloud security practices, implement encryption and multifactor authentication, and enhance operational visibility and logging on federal government networks.
Earlier this year, CISA worked with a dozen federal agencies to apply the Secure Cloud Business Applications secure configuration baselines for Microsoft 365 across agency enterprises.
Using our ScubaGear assessment tool, agency practitioners implemented advanced protections and configured cloud environments to better safeguard sensitive information and secure government services against sophisticated threat actors.
Though the Microsoft-specific baselines were developed collaboratively with the Federal Chief Information Officers Council to provide necessary security enhancements for most federal cloud business applications, we quickly identified that more was needed.
Today, CISA takes another step forward by releasing the SCuBA project's Google Workspace secure configuration baselines along with our new assessment tool, ScubaGoggles.
Developed in close collaboration with Google, these materials are specifically designed to assist federal agencies with securing GWS environments and leveraging native security capabilities to enhance an organization's overall cyber posture.
Every organization, public and private, can benefit from the security recommendations and best practices outlined in the GWS Baselines and should consider whether their current baseline requires enhancements in light of the evolving cyber threat environment.
CISA requests public comment on the GWS baselines and the ScubaGoggles tool to help ensure our products enable necessary security improvements to keep pace with evolving technologies while considering the challenging cyber threat environment.
CISA's GWS Baselines draw upon the success, lessons learned and expertise gained from the M365 Baselines project to apply a consistent and comprehensive approach to securing GWS cloud environments.
Once finalized and fully implemented, the GWS baselines will reduce misconfigurations and enhance the protection of sensitive data, bolstering overall cybersecurity resilience.
These baselines provide a collection of tailored security controls for nine core GWS services.
They cover key GWS components, such as safeguarding collaboration on Google Meet, securing data stored in Gmail or protecting sensitive information in Google Drive and Docs.
The publication of the GWS and M365 Baselines will further CISA's mission to secure the federal IT enterprise while the also serving as a resource for all organizations leveraging the two most widely-used business platforms.
Users across the Federal Government and beyond rely on these cloud-based business applications daily to communicate and store sensitive information and conduct critical business functions which is precisely why these systems remain such prime targets for malicious actors.
Our goal is to help organizations secure their work, keep confidential information private, and empower cybersecurity teams to harden these environments and gain operational visibility within these cloud-based business applications.
Along with seeking public comment from all interested stakeholders, CISA asks federal agencies to help validate and enhance the automated implementation of these SCuBA Baselines.
The baselines are available for download on CISA's GitHub or at CISA.gov/SCUBA..


This Cyber News was published on www.cisa.gov. Publication date: Tue, 12 Dec 2023 14:13:10 +0000


Cyber News related to CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace

CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
10 months ago Cisa.gov
CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
10 months ago Cisa.gov
CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines - The US cybersecurity agency CISA on Tuesday released draft guidance and capabilities for federal agencies to securely use Google Workspace services. The proposed materials, for which CISA is seeking public comment, include Secure Cloud Business ...
10 months ago Securityweek.com
CISA Asks on Google Workspace Secure Configuration Baselines - In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency unveils the Secure Cloud Business Applications Google Workspace Secure Configuration Baselines. This architectural marvel establishes a ...
10 months ago Gbhackers.com
CISA Unveils Tools to Strengthen Google Cloud Services - As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, ...
10 months ago Securityboulevard.com
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment - Today, CISA released the draft Secure Cloud Business Applications Google Workspace Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The ScubaGoggles tool assesses GWS tenants' compliance against the ...
10 months ago Cisa.gov
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
Google Workspace Marketplace: 4 Tips for Choosing the Best Apps - An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. We may be compensated by vendors who appear on this page through methods such as ...
11 months ago Techrepublic.com
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
11 months ago Darkreading.com
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool - CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 cloud services. This guidance release is accompanied by the updated SCuBAGear tool that ...
10 months ago Cisa.gov
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 month ago Therecord.media
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
6 months ago Techrepublic.com
DeleFriend Weakness Puts Google Workspace Security at Risk - Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named "DeleFriend" by Hunters' Team Axon, the vulnerability could potentially expose Google Workspace to unauthorized access and privilege ...
11 months ago Infosecurity-magazine.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
11 months ago Cisa.gov
Denmark orders schools to stop sending student data to Google - The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention ...
9 months ago Bleepingcomputer.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
10 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
7 months ago Securityweek.com
Google Workspace Announced New Password Policies, What is Changing - Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. Google Workspace has announced new password policies that will impact how users and third-party ...
1 month ago Gbhackers.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
7 months ago Techtarget.com
CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
10 months ago Cisa.gov
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
5 months ago Cisa.gov
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
9 months ago Cysecurity.news
Biden's budget proposal boosts CISA's funding to $3b The Register - US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. Biden proposed his $7.3 trillion spending plan for fiscal year ...
7 months ago Go.theregister.com
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
11 months ago Go.theregister.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
10 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)