Developed by CISA, ScubaGoggles is an assessment tool that verifies a Google Workspace (GWS) organization's configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.
For the Microsoft 365 (M365) rendition of this tool, see ScubaGear.
[!WARNING] This tool is in an alpha state and in active development. At this time, outputs could be incorrect and should be reviewed carefully.
We use a three-step process:
The majority of the conformance checks done by ScubaGoggles rely on GWS Admin log events. If there is no log event corresponding to a SCuBA baseline policy, ScubaGoggles will indicate that the setting currently can not be checked on its HTML report output. In this situation, we recommend you manually review your GWS security configurations with the SCuBA security baselines. See Limitations for more details.
Unless otherwise noted, this project is distributed under the Creative Commons Zero license. With developer approval, contributions may be submitted with an alternate compatible license. If accepted, those contributions will be listed herein with the appropriate license.