Skip to content

Releases: cisagov/ScubaGoggles

v0.2.0

07 Jun 00:33
@github-actions github-actions
v0.2.0
b850aaf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0 Latest
Latest

Baseline Changes

  • Increment baseline version number from v0.1 to v0.2
  • Various spelling and wording improvements throughout the baseline documents
  • Add additional MITRE ATT&CK TTP mappings
  • Change rationale format to match format used in the M365 SCuBA baselines
  • Renumbered policies when a policy is removed
  • Drive & Docs
    • Remove GWS.DRIVEDOCS.2.1
    • Change GWS.DRIVEDOCS.1.3 to SHALL policy
  • Google Calendar
    • Remove GWS.CALENDAR.1.2
    • Remove GWS.CALENDAR.3.2
  • Gmail
    • Remove GWS.GMAIL.3.1
    • Remove GWS.GMAIL.12.1
    • Remove GWS.GMAIL.15.2
    • Remove GWS.GMAIL.19.1
    • Remove GWS.GMAIL.19.2
    • Remove GWS.GMAIL.22.1
    • Remove GWS.GMAIL.22.2
    • Remove GWS.GMAIL.23.x
    • Revise GWS.GMAIL.3.2 (now 3.1) to clarify actions for non-approved addresses
  • Common Controls
    • Remove GWS.COMMONCONTROLS.6.1
    • Remove GWS.COMMONCONTROLS.9.1
    • Remove GWS.COMMONCONTROLS.9.3
    • Remove GWS.COMMONCONTROLS.9.4
    • Remove GWS.COMMONCONTROLS.12.1
  • Google Chat
    • Add Chat policy GWS.CHAT.7.x for content reporting
    • Remove GWS.CHAT.4.2
  • Google Meet
    • Change GWS.MEET.1.1 to SHOULD policy
  • See full list of baseline changes here

Enhancements

  • Refactor Rego code to follow current style best-practices
  • Remove DNS over HTTPS (DoH) NXDOMAIN retry
  • Create a JSON version of the HTML output
  • Add support for service account authentication
  • Enhance error handling for API calls
  • Enhance report details for the Common Controls, Gmail, Calendar, Chat, Classroom, Meet, and Sites baseline reports
  • Add support for detecting settings applied at the group level to Common Controls, Gmail, Calendar, Chat, Classroom, Meet, and Sites baseline reports
  • See full list of enhancements here

Bugs

  • Correct bug relating to the test summary counts for Rules/Common Controls
  • Correct bug relating to classification of controls with no relevant events
  • See full list of bugs here

Dependency Updates

  • The minimum supported OPA version has changed from 0.42.2 to 0.45.0
  • The supported version for the following Python modules has changed:
    • requests: changed from 2.31.0 to 2.32.0
    • dnspython: changed from 4.64.1 to 4.66.3
    • tqdm: changed from 2.2.1 to 2.6.1

Full Changelog: v0.1.0...v0.2.0

Assets 3
Loading
0 Join discussion

v0.1.0

06 Dec 19:50
@github-actions github-actions
v0.1.0
3f42e3f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0

This is the initial release of the SCuBA Google Workspace Security Configuration Baseline documents for RFC.
Provide feedback on the baselines by opening a GitHub issue or by emailing cybersharedservices@cisa.dhs.gov.

The ScubaGoggles tool itself is in an alpha state. Report outputs could be incorrect and should be reviewed carefully.
See the README for full instructions on running the tool.

The following SCuBA GWS baselines are available:

  • Common Controls
  • Gmail
  • Google Calendar
  • Google Chat
  • Google Classroom
  • Google Drive and Docs
  • Google Meet
  • Google Sites
  • Groups for Business
Assets 3
Loading
0 Join discussion