Cloud Security, Application security

New Google Workspace guidance unveiled by CISA

In a bid to avert another breach similar to the hack of several U.S. government email accounts by Chinese advanced persistent threat operation Storm-0558 using a compromised Microsoft signing key, the Cybersecurity and Infrastructure Security Agency has introduced new Secure Cloud Business Applications guidance for Google Workspace, CyberScoop reports. "Using our ScubaGear assessment tool, agency practitioners implemented advanced protections and configured cloud environments to better safeguard sensitive information and secure government services against sophisticated threat actors. Though the Microsoft-specific baselines were developed collaboratively with the Federal Chief Information Officers Council to provide necessary security enhancements for most federal cloud business applications, we quickly identified that more was needed," said CISA Associate Director for Capacity Building Michael Duffy. Such guidelines are now available for public comment. Federal agencies have also been sought by CISA to provide input in validating and improving SCuBA project standards and the ScubaGoggles assessment tool.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.