Releases: cisagov/ScubaGoggles
Releases · cisagov/ScubaGoggles
v0.2.0
Baseline Changes
- Increment baseline version number from v0.1 to v0.2
- Various spelling and wording improvements throughout the baseline documents
- Add additional MITRE ATT&CK TTP mappings
- Change rationale format to match format used in the M365 SCuBA baselines
- Renumbered policies when a policy is removed
- Drive & Docs
- Remove GWS.DRIVEDOCS.2.1
- Change GWS.DRIVEDOCS.1.3 to SHALL policy
- Google Calendar
- Remove GWS.CALENDAR.1.2
- Remove GWS.CALENDAR.3.2
- Gmail
- Remove GWS.GMAIL.3.1
- Remove GWS.GMAIL.12.1
- Remove GWS.GMAIL.15.2
- Remove GWS.GMAIL.19.1
- Remove GWS.GMAIL.19.2
- Remove GWS.GMAIL.22.1
- Remove GWS.GMAIL.22.2
- Remove GWS.GMAIL.23.x
- Revise GWS.GMAIL.3.2 (now 3.1) to clarify actions for non-approved addresses
- Common Controls
- Remove GWS.COMMONCONTROLS.6.1
- Remove GWS.COMMONCONTROLS.9.1
- Remove GWS.COMMONCONTROLS.9.3
- Remove GWS.COMMONCONTROLS.9.4
- Remove GWS.COMMONCONTROLS.12.1
- Google Chat
- Add Chat policy GWS.CHAT.7.x for content reporting
- Remove GWS.CHAT.4.2
- Google Meet
- Change GWS.MEET.1.1 to SHOULD policy
- See full list of baseline changes here
Enhancements
- Refactor Rego code to follow current style best-practices
- Remove DNS over HTTPS (DoH) NXDOMAIN retry
- Create a JSON version of the HTML output
- Add support for service account authentication
- Enhance error handling for API calls
- Enhance report details for the Common Controls, Gmail, Calendar, Chat, Classroom, Meet, and Sites baseline reports
- Add support for detecting settings applied at the group level to Common Controls, Gmail, Calendar, Chat, Classroom, Meet, and Sites baseline reports
- See full list of enhancements here
Bugs
- Correct bug relating to the test summary counts for Rules/Common Controls
- Correct bug relating to classification of controls with no relevant events
- See full list of bugs here
Dependency Updates
- The minimum supported OPA version has changed from 0.42.2 to 0.45.0
- The supported version for the following Python modules has changed:
- requests: changed from 2.31.0 to 2.32.0
- dnspython: changed from 4.64.1 to 4.66.3
- tqdm: changed from 2.2.1 to 2.6.1
Full Changelog: v0.1.0...v0.2.0
v0.1.0
This is the initial release of the SCuBA Google Workspace Security Configuration Baseline documents for RFC.
Provide feedback on the baselines by opening a GitHub issue or by emailing cybersharedservices@cisa.dhs.gov.
The ScubaGoggles tool itself is in an alpha state. Report outputs could be incorrect and should be reviewed carefully.
See the README for full instructions on running the tool.
The following SCuBA GWS baselines are available:
- Common Controls
- Gmail
- Google Calendar
- Google Chat
- Google Classroom
- Google Drive and Docs
- Google Meet
- Google Sites
- Groups for Business