Skip to content

cisagov/ScubaGear

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

407e52a · Dec 23, 2024
Dec 4, 2024
Aug 1, 2024
Dec 19, 2024
Dec 17, 2024
May 15, 2024
Dec 23, 2024
Jul 19, 2024
Feb 15, 2024
Dec 12, 2024
Dec 16, 2022
Jan 19, 2024
Feb 26, 2024
Feb 29, 2024
Jul 21, 2022
Dec 12, 2024
Feb 29, 2024
Mar 25, 2024

Repository files navigation

CISA Logo

GitHub Release PSGallery Release CI Pipeline Functional Tests GitHub License GitHub Downloads PSGallery Downloads GitHub Issues

ScubaGear is an assessment tool that verifies that a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Secure Configuration Baseline documents.

Note: This documentation can be read using GitHub Pages.

Target Audience

ScubaGear is for M365 administrators who want to assess their tenant environments against CISA Secure Configuration Baselines.

Overview

ScubaGear uses a three-step process:

  • Step One - PowerShell code queries M365 APIs for various configuration settings.
  • Step Two - It then calls Open Policy Agent (OPA) to compare these settings against Rego security policies written per the baseline documents.
  • Step Three - Finally, it reports the results of the comparison as HTML, JSON, and CSV.

Getting Started

To install ScubaGear from PSGallery, open a PowerShell 5 terminal on a Windows computer and install the module:

# Install ScubaGear
Install-Module -Name ScubaGear

To install its dependencies:

# Install the minimum required dependencies
Initialize-SCuBA 

To verify that it is installed:

# Check the version
Invoke-SCuBA -Version

To run ScubaGear:

# Assess all products
Invoke-SCuBA -ProductNames *

Note: Successfully running ScubaGear requires certain prerequisites and configuration settings. To learn more, read through the sections below.

Table of Contents

The following sections should be read in order.

Installation

Prerequisites

Execution

Configuration

Troubleshooting

Misc

Project License

Unless otherwise noted, this project is distributed under the Creative Commons Zero license. With developer approval, contributions may be submitted with an alternate compatible license. If accepted, those contributions will be listed herein with the appropriate license.