Scuba tool cisa. The tool operates in three main steps: 1.

Scuba tool cisa Oct 23, 2024 · The SCuBA program provides a valuable assessment tool called ScubaGear to provide reports that help harden Microsoft 365 environments. . CISA has made this tool and the baselines available to all agencies and private sector organizations seeking security improvements. ScubaGear uses a three-step process: Step One - PowerShell code queries M365 APIs for various configuration settings. Doing so will reduce significant risk and enhance collective resilience across the cybersecurity community. The tool operates in three main steps: 1. ; Step Two - It then calls Open Policy Agent (OPA) to compare these settings against Rego security policies written per the baseline documents. Nov 28, 2022 · CISA has provided a tool on GitHub called SCuBA gear, which performs automatic evidence collection of where a M365 tenant matches up against the recommended baselines. Secure Cloud Business Applications (SCuBA) is CISA’s response to the Solar Winds incident of 2020. It uses PowerShell to query M365 APIs for various configuration settings. The project was designed with a comprehensive, threat -informed methodology to identify cloud visibility coverage gaps and requirements. 2. SCuBA provides guidance and capabilities for securing cloud business application ScubaGear is an assessment tool designed to verify the configuration of Microsoft 365 (M365) tenants against the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents. Although BOD 25-01 only requires action by Federal Civilian Executive Branch agencies, CISA strongly recommends all stakeholders implement these policies and leverage CISA’s SCuBA assessment tool and the information on this page. SCuBA’s Origin. In this article, I am going to show you how to run the tool and introduce you to a fork I created which additionally maps these recommendations to the CIS Controls. ScubaGear is a no-cost assessment tool that verifies M365 tenant configuration alignment to the policies described in SCuBA’s secure configuration baselines. Microsoft has worked together with CISA to produce and maintain the secure configuration baselines for ScubaGear as well as an accompanying PowerShell script tool to scan M365 environments. rlocyvp gvqwone muplh ysqes pbu svz xacc nmg dopupco mbaf