cisagov / ScubaGoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal

Changes to Common Controls Baseline #315

Closed jkaufman-mitre closed 1 month ago

jkaufman-mitre commented 3 months ago

Description

The following changes were made within the common controls baseline:

Motivation and context

Fixes #240 Fixes #252 Fixes #274 Fixes #276

Testing

Pre-approval checklist

Pre-merge checklist

Post-merge checklist

jkaufman-mitre commented 3 months ago

Removed Policy 10.1 because there is no implementation for the policy. Agencies will be evaluated on their in-house procedures for items such as this as part of their NIST 800-53 control assessments. The technical implementation steps are already covered within this policy group.

jkaufman-mitre commented 3 months ago

Moved 11.2 to Policy Group 10 (#318)

adhilto commented 3 months ago

> Moved 11.2 to Policy Group 10 (#318)

Looks like this change might not have been pushed yet?

jkaufman-mitre commented 2 months ago

Made Common Controls 11.1 a SHALL.

jkaufman-mitre commented 2 months ago

TTP Mappings have been added.

jkaufman-mitre commented 2 months ago

@adhilto @buidav Can you review this? This one is ready for review again.

mdueltgen commented 2 months ago

As discussed, removed Issue 290 for 2.2. Context Aware Access revamp will happen in the next release after Coast.

@adhilto Please review the 2.1 section for Coast release including changes to the implementation steps.

snarve commented 2 months ago

11.2 is unchanged as @adhilto mentioned in the email thread. Since there is a separate issue for this (#318), recommend to create a separate branch for this and commit separately as this PR tackles multiple issues already. Having a separate branch and PR (per issue) would ease the tracking and updates. @jkaufman-mitre @mdueltgen @adhilto @buidav any thoughts on this?

adhilto commented 2 months ago

> 11.2 is unchanged as @adhilto mentioned in the email thread. Since there is a separate issue for this (#318), recommend to create a separate branch for this and commit separately as this PR tackles multiple issues already. Having a separate branch and PR (per issue) would ease the tracking and updates. @jkaufman-mitre @mdueltgen @adhilto @buidav any thoughts on this?

I agree, that's the right call (with the caveat that the branch be made after this one is merged into ease merge conflicts). I just edited the description of this PR to remove that issue so it's accurate and so that that issue won't auto-close once this PR is merged.

mdueltgen commented 2 months ago

> 11.2 is unchanged as @adhilto mentioned in the email thread. Since there is a separate issue for this (#318), recommend to create a separate branch for this and commit separately as this PR tackles multiple issues already. Having a separate branch and PR (per issue) would ease the tracking and updates. @jkaufman-mitre @mdueltgen @adhilto @buidav any thoughts on this?

> I agree, that's the right call (with the caveat that the branch be made after this one is merged into ease merge conflicts). I just edited the description of this PR to remove that issue so it's accurate and so that that issue won't auto-close once this PR is merged.

Sounds good, I will make sure #318 and #290 are in different branches for the next release. I think now that those two have been removed from the description of this PR, we should be good to do a review of the PR as is and merge for Coast.