CyberSecurityBoard
Sponsor Register Login

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

The US cybersecurity agency CISA on Tuesday released draft guidance and capabilities for federal agencies to securely use Google Workspace services.
The proposed materials, for which CISA is seeking public comment, include Secure Cloud Business Applications secure configuration baselines for nine Google Workspace services, namely Calendar, Chat, Common Controls, Classroom, Drive and Docs, Gmail, Groups for Business, Meet, and Sites.
Federal agencies are encouraged to provide feedback on the draft baselines until January 12, 2024.
The baselines are available on GitHub and on CISA's website.
The cybersecurity agency also announced the release of ScubaGoggles, an assessment tool designed to help organizations verify that their GWS configuration falls in line with the policies outlined in the SCuBA security configuration baselines.
The tool, which relies on GWS admin log events to perform assessments, was released in alpha and is under active development, meaning that outputs might not be correct, CISA warns.
The GWS baseline documentation provides minimum secure configuration baselines to help federal agencies secure collaboration, along with data and sensitive information stored and transmitted via GWS services.
The development of Google Workspace baselines built on CISA's experience from the Microsoft 365 baselines project, which was opened to public comment between October and December 2022.
The agency plans to release the final M365 baselines early 2024.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 13 Dec 2023 14:58:04 +0000


Cyber News related to CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
10 months ago Cisa.gov
CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
10 months ago Cisa.gov
CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines - The US cybersecurity agency CISA on Tuesday released draft guidance and capabilities for federal agencies to securely use Google Workspace services. The proposed materials, for which CISA is seeking public comment, include Secure Cloud Business ...
10 months ago Securityweek.com
CISA Asks on Google Workspace Secure Configuration Baselines - In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency unveils the Secure Cloud Business Applications Google Workspace Secure Configuration Baselines. This architectural marvel establishes a ...
10 months ago Gbhackers.com
CISA Unveils Tools to Strengthen Google Cloud Services - As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, ...
10 months ago Securityboulevard.com
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment - Today, CISA released the draft Secure Cloud Business Applications Google Workspace Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The ScubaGoggles tool assesses GWS tenants' compliance against the ...
10 months ago Cisa.gov
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
Google Workspace Marketplace: 4 Tips for Choosing the Best Apps - An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. We may be compensated by vendors who appear on this page through methods such as ...
11 months ago Techrepublic.com
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
11 months ago Darkreading.com
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool - CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 cloud services. This guidance release is accompanied by the updated SCuBAGear tool that ...
10 months ago Cisa.gov
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 month ago Therecord.media
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
6 months ago Techrepublic.com
DeleFriend Weakness Puts Google Workspace Security at Risk - Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named "DeleFriend" by Hunters' Team Axon, the vulnerability could potentially expose Google Workspace to unauthorized access and privilege ...
11 months ago Infosecurity-magazine.com
Denmark orders schools to stop sending student data to Google - The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention ...
9 months ago Bleepingcomputer.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
10 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
7 months ago Securityweek.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
11 months ago Cisa.gov
Google Workspace Announced New Password Policies, What is Changing - Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. Google Workspace has announced new password policies that will impact how users and third-party ...
1 month ago Gbhackers.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
5 months ago Cisa.gov
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
9 months ago Cysecurity.news
Biden's budget proposal boosts CISA's funding to $3b The Register - US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. Biden proposed his $7.3 trillion spending plan for fiscal year ...
7 months ago Go.theregister.com
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
11 months ago Go.theregister.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
10 months ago Cisa.gov
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
7 months ago Techtarget.com
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
1 month ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)