CISA established the SCuBA project in 2022 to address cybersecurity and visibility gaps exposed by software-as-a-service (SaaS) cyber intrusions and compromises. CISA created baselines tailored to the federal government’s threats and risk tolerance with the knowledge that every organization has different

SCuBA’s Origin

Secure Cloud Business Applications (SCuBA) is CISA’s response to the SolarWinds incident of 2020. Although its primary goal is to help secure Federal Civilian Executive Branch (FCEB) information in cloud environments, all organizations can use SCuBA to strengthen SaaS security.

In accordance with Executive Order 14028, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure organizations’ information assets stored within cloud environments. The project was designed with a comprehensive, threat-informed methodology to identify cloud visibility coverage gaps and requirements. SCuBA will enhance the security of FCEB cloud business application environments through additional configurations, settings and security products. SCuBA provides guidance and capabilities for securing cloud business application

Apr 20, 2022 · CISA is initially focused on using SCuBA to secure Google Workspace and Microsoft Office 365 cloud environments for federal agencies. CISA will design cybersecurity architectures for both services to account for cybersecurity and visibility gaps in cloud business apps while enabling agencies to identify and detect bad actors.

Through ongoing dialogue and collaboration with industry and government stakeholders, CISA developed initial guidance documents as a part of the SCuBA project, which aims to help agencies adopt necessary

As the SCuBA project progresses, CISA will determine potential candidate cybersecurity shared service offering(s) in support of secure cloud business applications.

WHEN WILL CISA LAUNCH SCUBA?

CISA will launch a test pilot in FY23 to examine product-specific security baselines implementation for M365.

HOW MUCH WILL SCUBA COST AGENCIES?

Mar 12, 2024 · The Cybersecurity and Infrastructure Security Agency (CISA) developed this Hybrid Identity Solutions Guidance (HISG) to help readers better understand identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. HISG is the latest resource released by CISA’s SCuBA project.

Dec 17, 2024 · Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration basel

Dec 17, 2024 · At the time of issuance of BOD 25-01, CISA published final SCuBA Secure Cloud Configuration Baselines for Microsoft Office 365 (M365). In the future, CISA may release additional SCuBA Secure Configuration Baselines for other cloud products. Upon issuance of applicable baselines, such products will fall under the scope of this Directive.

Although BOD 25-01 only requires action by Federal Civilian Executive Branch agencies, CISA strongly recommends all stakeholders implement these policies and leverage CISA’s SCuBA assessment tool and the information on this page. Doing so will reduce significant risk and enhance collective resilience across the cybersecurity community. Visit CISA’s SCuBA project page for more information.

The CISA SCuBA SCBs for M365 help secure federal information assets stored within M365 cloud business application environments through consistent, effective, and manageable security configurations.

Mar 21, 2025 · cisagov/ScubaConnect releases: native cloud infrastructure for automatically running ScubaGear/ScubaGoggles.

cisagov/ScubaGoggles: SCuBA Secure Configuration Baselines and assessment tool for Google Workspace.

Following the release of CISA’s Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services on Dec. 17, 2024, which requires Federal Civilian Executive Branch (FCEB) agencies to deploy SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025 and begin continuous reporting, agencies can use ScubaConnect to ensure their cloud

Mar 9, 2024 · Tools You Should Know: ScubaGear

Developed by CISA, ScubaGear is an assessment tool that verifies a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.

ScubaGear uses a three-step process:

Step One - PowerShell code queries M365 APIs for various configuration settings.

Step Two - It then calls Open Policy Agent (OPA) to compare these settings against Rego security policies written per the baseline documents.

Running SCuBA

Mar 1, 2024 · In the root of the directory where you extracted the SCuBA files, run SetUp.ps1: This will install all of the prerequisites needed to get going with SCuBA. This did appear to work as expected, as there were no errors in the PowerShell window. Next, you can run SCuBA as per the documentation in GitHub: Invoke-SCuBA.