- Notifications
You must be signed in to change notification settings - Fork270
Automation to assess the state of your M365 tenant against CISA's baselines
License
cisagov/ScubaGear
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
ScubaGear is an assessment tool that verifies that a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Secure Configuration Baselinedocuments.
Note: This documentation can be read usingGitHub Pages.
ScubaGear is for M365 administrators who want to assess their tenant environments against CISA Secure Configuration Baselines.
ScubaGear uses a three-step process:
- Step One - PowerShell code queries M365 APIs for various configuration settings.
- Step Two - It then callsOpen Policy Agent (OPA) to compare these settings against Rego security policies written per the baseline documents.
- Step Three - Finally, it reports the results of the comparison as HTML, JSON, and CSV.
To install ScubaGear fromPSGallery, open a PowerShell 5 terminal on a Windows computer and install the module:
# Install ScubaGearInstall-Module-Name ScubaGear
To install its dependencies:
# Install the minimum required dependenciesInitialize-SCuBA
To verify that it is installed:
# Check the versionInvoke-SCuBA-Version
To run ScubaGear:
# Assess all productsInvoke-SCuBA-ProductNames*
Note: Successfully running ScubaGear requires certain prerequisites and configuration settings. To learn more, read through the sections below.
The following sections should be read in order.
Unless otherwise noted, this project is distributed under the Creative Commons Zero license. With developer approval, contributions may be submitted with an alternate compatible license. If accepted, those contributions will be listed herein with the appropriate license.
About
Automation to assess the state of your M365 tenant against CISA's baselines