From 20eac40ae0a0dbba9aff22b6dac52d90b1d96253 Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:38:52 -0500 Subject: [PATCH 1/6] Added in changes from inital review of driftwood --- scubagoggles/baselines/classroom.md | 2 +- scubagoggles/baselines/commoncontrols.md | 30 ++++++++++++------------ scubagoggles/baselines/drive.md | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/scubagoggles/baselines/classroom.md b/scubagoggles/baselines/classroom.md index 15776303..bc2b6902 100644 --- a/scubagoggles/baselines/classroom.md +++ b/scubagoggles/baselines/classroom.md @@ -52,7 +52,7 @@ Who can join classes in your domain SHALL be set to Users in your domain only. Which classes users in your domain can join SHALL be set to Classes in your domain only. - _Rationale:_ Allowing users to join a class from outside your domain could allow for data to be exfiltrated to entities outside the control of the organization creating a significant security risk. -- _Last modified:_ September 27, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index d3cd1d92..1f06f4b4 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -314,7 +314,7 @@ Google Workspace handles post-SSO verification for profiles assigned org-wide as Post-SSO verification SHOULD be enabled for users signing in using the SSO profile for your organization. - _Rationale:_ Without enabling post-SSO verification, any Google 2-Step Verification (2SV) configuration is ignored for third-party SSO users. Enabling post-SSO verification will apply 2SV verification policies. -- _Last modified:_ November 4, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -433,7 +433,7 @@ User password length SHALL be at least 12 characters. User password length SHOULD be at least 15 characters. - _Rationale:_ The National Institute of Standards and Technology (NIST) has published guidance indicating that password length is a primary factor in characterizing password strength (NIST SP 800-63B). Longer passwords tend to be more resistant to brute force and dictionary-based attacks. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -534,7 +534,7 @@ Pre-Built GWS Admin Roles considered highly privileged: All highly privileged accounts SHALL leverage Google Account authentication with phishing-resistant MFA and not the agency's authoritative on-premises or federated identity system. - _Rationale:_ Leveraging Google Account authentication with phishing resistant MFA for highly privileged accounts reduces the risks associated with a compromise of on-premises federation infrastructure. This makes it more challenging for an adversary to pivot from a compromised on-premises environment to the cloud with privileged access. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -808,7 +808,7 @@ Agencies SHALL NOT allow users to access unconfigured third-party apps. Access to Google Workspace applications by less secure apps that do not meet security standards for authentication SHALL be prevented. - _Rationale:_ Antiquated authentication methods introduce additional risk into the workspace environment. Only allowing apps that use modern authentication standards helps reduce the risk of credential compromise. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -927,7 +927,7 @@ This section prevents users from downloading a copy of the Google Takeout servic Google Takeout services SHALL be disabled. - _Rationale:_ Google Takeout is a service that allows you to download a copy of your data stored within 40+ Google products and services, including data from Gmail, Drive, Photos, and Calendar. While there may be a valid use case for individuals to back up their data in non-enterprise settings, this feature represents considerable attack surface as a mass data exfiltration mechanism, particularly in enterprise settings where other backup mechanisms are likely in use. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -996,7 +996,7 @@ GWS includes system-defined alerting rules that provide situational awareness in Required system-defined alerting rules, as listed in the Policy group description, SHALL be enabled with alerts. - _Rationale:_ Potentially malicious or service-impacting events may go undetected. Setting up a mechanism to alert administrators to the list of events linked above draws attention to them to minimize any impact to users and the agency. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - _Note:_ Any system-defined rules not listed are considered optional but should be reviewed and considered for activation by an administrator. - MITRE ATT&CK TTP Mapping @@ -1103,7 +1103,7 @@ At the time of writing, data region policies cannot be applied to data types not The data storage region SHALL be set to be the United States for all users in the agency's GWS environment. - _Rationale_: Without this policy, data could be stored in various regions, potentially exposing it to unauthorized entities. Implementing this policy keeps most data in the U.S., making it harder for potential foreign adversaries to compromise the data. -- _Last modified:_ October 30, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) @@ -1115,7 +1115,7 @@ The data storage region SHALL be set to be the United States for all users in th Data SHALL be processed in the region selected for data at rest. - _Rationale:_ Without this policy, data could be processed in a region other than the United States, potentially exposing it unauthorized entities. Implementing this policy allows for data sovereignty over organizational data. -- _Last modified:_ September 20, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) @@ -1180,7 +1180,7 @@ Google Workspace considers some of its services "core services," including Gmail Service status for Google services that do not have an individual control SHOULD be set to OFF for everyone. - _Rationale_: Allowing access to additional google services without a need may create unnecessary vulnerabilities within the Google Workspace environment. By turning these services off, it mitigates the risk by not allowing access. -- _Last modified:_ June 11, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1194,7 +1194,7 @@ Service status for Google services that do not have an individual control SHOULD User access to Early Access Apps SHOULD be disabled. - _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure the latest security standards are met. -- _Last modified:_ August 7, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1199: Trusted Relationship](https://attack.mitre.org/techniques/T1199/) @@ -1273,7 +1273,7 @@ Though use of Google's DLP solution is not strictly required, guidance for confi A custom policy SHALL be configured for Google Drive to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1286,7 +1286,7 @@ A custom policy SHALL be configured for Google Drive to protect PII and sensitiv A custom policy SHALL be configured for Google Chat to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1298,7 +1298,7 @@ A custom policy SHALL be configured for Google Chat to protect PII and sensitive A custom policy SHALL be configured for Gmail to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1310,7 +1310,7 @@ A custom policy SHALL be configured for Gmail to protect PII and sensitive infor The action for the above DLP policies SHOULD be set to block external sharing. - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1326,7 +1326,7 @@ The action for the above DLP policies SHOULD be set to block external sharing. - [GWS Admin Help \| Prevent data leaks in email & attachments](https://support.google.com/a/answer/14767988?fl=1&sjid=4620103790740920406-NA) ### Prerequisites -If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. +If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP; Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Google Workspace license. For Drive DLP, the license must include the Drive log events. diff --git a/scubagoggles/baselines/drive.md b/scubagoggles/baselines/drive.md index 44ff5532..df3b6ae6 100644 --- a/scubagoggles/baselines/drive.md +++ b/scubagoggles/baselines/drive.md @@ -369,7 +369,7 @@ This section addresses Drive for Desktop, a feature that enables users to intera Google Drive for Desktop SHOULD be enabled only for authorized devices. - _Rationale:_ Some users may attempt to use Drive for Desktop to connect unapproved devices (e.g., a personal computer), to the agency's Google Drive. Even if done without malicious intent, this represents a security risk as the agency has no ability audit or protect such computers. -- _Last modified:_ June 7, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) From bf04dc65740c661b3079aa14694b3cbd474c466c Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Tue, 21 Jan 2025 13:29:43 -0500 Subject: [PATCH 2/6] Most recent round of feedback --- scubagoggles/baselines/commoncontrols.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index 1f06f4b4..45e15c40 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -944,7 +944,7 @@ Google Takeout services SHALL be disabled. ### Implementation #### GWS.COMMONCONTROLS.12.1v0.3 Instructions -1. Sign in to https://admin.google.com as an administrator. +1. Sign in to [Google Admin console](https://admin.google.com). 2. Select **Data** -\> **Data import & export** -\> **Google Takeout**. 3. Select **User access to Takeout for Google services**. 4. For services without an individual admin control, select **Services without an individual admin control** then **Edit**. @@ -1260,7 +1260,7 @@ To configure additional services per the policy: ## 18. Data Loss Prevention -Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps you control what users can share and helps prevent unintended exposure of sensitive information. +Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps to prevent unintended exposure of sensitive information. DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels. @@ -1378,7 +1378,7 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 7. Review the rule details, mark the rule as **Active**, and click **Create.** #### GWS.COMMONCONTROLS.18.4v0.3 Instructions -1. For each rule in the **Actions** section follow steps depending on application: +1. For each rule in the **Actions** section follow these steps depending on application: 1. For Google Drive policies select **Block external sharing**. 2. For Chat policies rules select **Block message** and select **External Conversations** and **Spaces**, **Group chats**, and **1:1 chats**. 3. For Gmail policies select **Block message** and select **Messages sent to external recipients**. From 18fefe0475b174541bd05c16ec24b952a70f09cf Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Mon, 27 Jan 2025 15:56:18 -0500 Subject: [PATCH 3/6] Next Round of Feedback on 1/24 --- scubagoggles/baselines/chat.md | 2 +- scubagoggles/baselines/commoncontrols.md | 30 ++++++++++++------------ scubagoggles/baselines/drive.md | 6 ++--- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/scubagoggles/baselines/chat.md b/scubagoggles/baselines/chat.md index 60f81729..d380439f 100644 --- a/scubagoggles/baselines/chat.md +++ b/scubagoggles/baselines/chat.md @@ -1,6 +1,6 @@ # CISA Google Workspace Secure Configuration Baseline for Google Chat -Google Chat is a communication and collaboration tool in Google Workspace that supports direct messaging, group conversations, and content creation and sharing. Chat allows administrators to control and manage their messages and files. This Secure Configuration Baseline (SCB) provides specific policies to strengthen Chat security. +Google Chat is a communication and collaboration tool in Google Workspace that supports direct messaging, group conversations, content creation, and sharing. Chat allows administrators to control and manage their messages and files. This Secure Configuration Baseline (SCB) provides specific policies to strengthen Chat security. The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index 45e15c40..cdffa2c7 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -950,7 +950,7 @@ Google Takeout services SHALL be disabled. 4. For services without an individual admin control, select **Services without an individual admin control** then **Edit**. 5. Select **Don't allow for everyone**. 6. Click **Save**. -7. For services with an individual admin control, under **apps** select the checkbox next to **Service name** and select **Don't allow**. +7. For services with an individual admin control, under **Apps** select the checkbox next to **Service name** and select **Don't allow**. ## 13. System-defined Rules @@ -1015,7 +1015,7 @@ Required system-defined alerting rules, as listed in the Policy group descriptio ### Implementation #### GWS.COMMONCONTROLS.13.1v0.3 Instructions -1. Sign in to [Google Admin console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Click **Rules**. 3. From the Rules page, click **Add a filter**. 4. From the drop-down menu, select **Type**. @@ -1191,7 +1191,7 @@ Service status for Google services that do not have an individual control SHOULD - [T1204:003: Trusted Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/) #### GWS.COMMONCONTROLS.16.2v0.3 -User access to Early Access Apps SHOULD be disabled. +User access to Early Access apps SHOULD be disabled. - _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure the latest security standards are met. - _Last modified:_ January 2025 @@ -1260,7 +1260,7 @@ To configure additional services per the policy: ## 18. Data Loss Prevention -Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps to prevent unintended exposure of sensitive information. +Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization, which helps prevent unintended exposure of sensitive information. DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels. @@ -1326,7 +1326,7 @@ The action for the above DLP policies SHOULD be set to block external sharing. - [GWS Admin Help \| Prevent data leaks in email & attachments](https://support.google.com/a/answer/14767988?fl=1&sjid=4620103790740920406-NA) ### Prerequisites -If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP; Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. +Google DLP is available to users of the following GWS editions: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; and Enterprise Essentials Plus. Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Google Workspace license. For Drive DLP, the license must include the Drive log events. @@ -1343,9 +1343,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, under **Google Drive**, choose the trigger for **Drive files**, then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block external sharing** (per [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. @@ -1356,9 +1356,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, choose the trigger for **Google Chat, Message sent, File uploaded** then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block**. Under **Select when this action should apply**, select **External Conversations**, **Spaces**, **Group chats**, and **1:1 chats** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. @@ -1369,9 +1369,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, choose the trigger for **Gmail, Message sent** then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block message**. Under **Select when this action should apply**, check **Messages sent to external recipients** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. @@ -1381,5 +1381,5 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 1. For each rule in the **Actions** section follow these steps depending on application: 1. For Google Drive policies select **Block external sharing**. 2. For Chat policies rules select **Block message** and select **External Conversations** and **Spaces**, **Group chats**, and **1:1 chats**. - 3. For Gmail policies select **Block message** and select **Messages sent to external recipients**. + 3. For Gmail policies select **Block message**, and then select **Messages sent to external recipients**. 2. Click **Continue**. diff --git a/scubagoggles/baselines/drive.md b/scubagoggles/baselines/drive.md index df3b6ae6..658034db 100644 --- a/scubagoggles/baselines/drive.md +++ b/scubagoggles/baselines/drive.md @@ -269,7 +269,7 @@ Agencies SHALL enable the security update for Drive files. ### Resources -- [Google Workspace Admin Help: Security update for Google Drive](https://support.google.com/a/answer/10685032?hl=en-EN&fl=1&sjid=14749870194899350730-NA) +- [Google Workspace Admin Help: Manage the link-sharing security update for files](https://support.google.com/a/answer/10685032?hl=en-EN&fl=1&sjid=14749870194899350730-NA) ### Prerequisites @@ -388,14 +388,14 @@ Google Drive for Desktop SHOULD be enabled only for authorized devices. #### GWS.DRIVEDOCS.6.1v0.3 Instructions To Disable Google Drive for Desktop: -1. Sign in to the [Google Admin Console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Select **Menu-\>Apps-\>Google Workspace-\>Drive and Docs-\>Google Drive for Desktop**. 3. Uncheck the **Allow Google Drive for desktop in your organization box** checkbox 4. Select **Save.** To limit Google Drive for Desktop to authorized devices: -1. Sign in to the [Google Admin Console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Select **Menu-\>Apps-\>Google Workspace-\>Drive and Docs-\>Google Drive for Desktop**. 3. Check the **Allow Google Drive for desktop in your organization box** checkbox. 4. Check the **Only allow Google Drive for desktop on authorized devices checkbox**. From 10828dc58718e5afd40c2bd3f61ef2a492ea5425 Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Mon, 3 Feb 2025 16:28:53 -0500 Subject: [PATCH 4/6] Latest round of feedback --- scubagoggles/baselines/calendar.md | 2 +- scubagoggles/baselines/chat.md | 2 +- scubagoggles/baselines/classroom.md | 2 +- scubagoggles/baselines/commoncontrols.md | 6 +++--- scubagoggles/baselines/drive.md | 2 +- scubagoggles/baselines/gmail.md | 2 +- scubagoggles/baselines/groups.md | 2 +- scubagoggles/baselines/meet.md | 2 +- scubagoggles/baselines/sites.md | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/scubagoggles/baselines/calendar.md b/scubagoggles/baselines/calendar.md index 6e28290f..5ad80528 100644 --- a/scubagoggles/baselines/calendar.md +++ b/scubagoggles/baselines/calendar.md @@ -4,7 +4,7 @@ Google Calendar is a calendar service in Google Workspace used for creating and The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/chat.md b/scubagoggles/baselines/chat.md index d380439f..c796b6e2 100644 --- a/scubagoggles/baselines/chat.md +++ b/scubagoggles/baselines/chat.md @@ -4,7 +4,7 @@ Google Chat is a communication and collaboration tool in Google Workspace that s The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/classroom.md b/scubagoggles/baselines/classroom.md index bc2b6902..544a0d15 100644 --- a/scubagoggles/baselines/classroom.md +++ b/scubagoggles/baselines/classroom.md @@ -6,7 +6,7 @@ Google Classroom is designed and intended for implementation for Education Insti The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index cdffa2c7..8226a90f 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -4,7 +4,7 @@ The Google Workspace (GWS) Admin console is the primary configuration hub for co The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. @@ -1114,7 +1114,7 @@ The data storage region SHALL be set to be the United States for all users in th #### GWS.COMMONCONTROLS.15.2v0.3 Data SHALL be processed in the region selected for data at rest. -- _Rationale:_ Without this policy, data could be processed in a region other than the United States, potentially exposing it unauthorized entities. Implementing this policy allows for data sovereignty over organizational data. +- _Rationale:_ Without this policy, data could be processed in a region other than the United States, potentially exposing it unauthorized entities. Implementing this policy accounts for sovereignty over organizational data. - _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping @@ -1193,7 +1193,7 @@ Service status for Google services that do not have an individual control SHOULD #### GWS.COMMONCONTROLS.16.2v0.3 User access to Early Access apps SHOULD be disabled. -- _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure the latest security standards are met. +- _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure compliance with applicable security standards. - _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping diff --git a/scubagoggles/baselines/drive.md b/scubagoggles/baselines/drive.md index 658034db..25afbc4c 100644 --- a/scubagoggles/baselines/drive.md +++ b/scubagoggles/baselines/drive.md @@ -4,7 +4,7 @@ Google Drive and Docs are collaboration tools in Google Workspace that support d The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/gmail.md b/scubagoggles/baselines/gmail.md index 0cbbfb08..790e4068 100644 --- a/scubagoggles/baselines/gmail.md +++ b/scubagoggles/baselines/gmail.md @@ -4,7 +4,7 @@ Gmail is the Google Workspace offering for sending and receiving email. Users ca The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/groups.md b/scubagoggles/baselines/groups.md index 4af5e0d5..a68c7e49 100644 --- a/scubagoggles/baselines/groups.md +++ b/scubagoggles/baselines/groups.md @@ -4,7 +4,7 @@ Groups for Business is a Google Workspace collaboration tool that supports stora The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/meet.md b/scubagoggles/baselines/meet.md index cf1fa3c3..59e6df70 100644 --- a/scubagoggles/baselines/meet.md +++ b/scubagoggles/baselines/meet.md @@ -4,7 +4,7 @@ Google Meet is a video conferencing service in Google Workspace that supports re The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. diff --git a/scubagoggles/baselines/sites.md b/scubagoggles/baselines/sites.md index 84c0b7d5..ff4cb605 100644 --- a/scubagoggles/baselines/sites.md +++ b/scubagoggles/baselines/sites.md @@ -4,7 +4,7 @@ Google Sites is a collaborative tool in Google Workspace that supports the creat The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. -The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks. +The CISA SCuBA SCBs for GWS help secure federal information assets stored within GWS cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government's threats and risk tolerance. Organizations outside of the Federal Government may also find these baselines to be useful references to help reduce risks even if such organizations have different risk tolerances or face different threats. For non-Federal users, the information in this document is being provided "as is" for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. Without limiting the generality of the foregoing, some controls and settings are not available in all products; CISA has no control over vendor changes to products offerings or features. Accordingly, these SCuBA SCBs for GWS may not be applicable to the products available to you. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. From 6b6643c40428d5c6f7b500b2bf9b5566d5eb2200 Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Mon, 3 Feb 2025 16:32:26 -0500 Subject: [PATCH 5/6] fixing broken link to omb m-21-31 --- scubagoggles/baselines/commoncontrols.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index 8226a90f..bbe6dda0 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -1075,7 +1075,7 @@ Audit logs SHALL be maintained for at least 6 months in active storage and an ad - [Google Cloud Architecture Center \| Google Logging export scenarios](https://cloud.google.com/architecture/design-patterns-for-exporting-stackdriver-logging?hl=en#logging_export_scenarios) - [GWS Admin Help \| Data sources for GWS Audit and investigation page](https://support.google.com/a/answer/9725452) - [Google Cloud Operations Suite \| Configure and Manage sinks – Google Cloud](https://cloud.google.com/logging/docs/export/configure_export_v2) -- [OMB M-21-31 \| Office of Management and Budget](https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) +- [OMB M-21-31 \| Office of Management and Budget](https://bidenwhitehouse.archives.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf) ### Prerequisites From 666160cf7befd40a016f8d5af56b237f75e579dd Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Mon, 3 Feb 2025 16:39:39 -0500 Subject: [PATCH 6/6] more broken links --- scubagoggles/baselines/commoncontrols.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index bbe6dda0..ccd58b17 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -822,7 +822,7 @@ Access to Google Workspace applications by less secure apps that do not meet sec - [RFC 6819](https://datatracker.ietf.org/doc/html/rfc6819) - [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749) -- [OMB M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf) +- [OMB M-22-09](https://bidenwhitehouse.archives.gov/wp-content/uploads/2022/01/M-22-09.pdf) - [GWS Admin Help \| Control which third-party & internal apps access GWS data](https://support.google.com/a/answer/7281227#zippy=%2Cstep-control-api-access%2Cstep-restrict-or-unrestrict-google-services%2Cbefore-you-begin-review-authorized-third-party-apps%2Cstep-manage-third-party-app-access-to-google-services-add-apps) - [CIS Google Workspace Foundations Benchmark](https://www.cisecurity.org/benchmark/google_workspace) - [GWS Admin Help \| Control access to less secure apps](https://support.google.com/a/answer/6260879?hl=en)