December 13, 2023 at 08:30AM
The US cybersecurity agency CISA has released draft guidance for federal agencies to securely use Google Workspace services. The guidance includes secure configuration baselines for nine GWS services and an assessment tool called ScubaGoggles. Federal agencies are encouraged to provide feedback on the draft baselines before January 12, 2024. CISA also plans to release the final M365 baselines in early 2024.
Based on the meeting notes, the main takeaways are:
1. The US cybersecurity agency, CISA, has released draft guidance and capabilities for federal agencies to securely use Google Workspace services.
2. The proposed materials include Secure Cloud Business Applications (SCuBA) secure configuration baselines for nine Google Workspace services, and CISA is seeking public comment on these materials.
3. Federal agencies are encouraged to provide feedback on the draft baselines until January 12, 2024.
4. CISA has also announced the release of ScubaGoggles, an assessment tool designed to help organizations verify that their GWS configuration aligns with the security configuration baselines.
5. The GWS baseline documentation provides minimum secure configuration baselines to help federal agencies secure collaboration, data, and sensitive information stored and transmitted via GWS services.
6. The development of Google Workspace baselines built on CISA’s experience from the Microsoft 365 baselines project.
7. CISA plans to release the final M365 baselines early 2024 and asks federal agencies to help validate and enhance the automated implementation of these SCuBA baselines.
Please let me know if you need any further clarification or additional details.