%20Image&labelColor=008ad7)
ScubaConnect is cloud-native infrastructure that automates the execution of assessment tools ScubaGear and ScubaGoggles across multiple tenants from a central location, allowing administrators to maintain consistent and secure configurations
ScubaConnect is for M365 and GWS administrators who want to streamline the assessment of their tenant environments against CISA Secure Configuration Baselines (SCBs), eliminating the need to manually update, configure, and run ScubaGear and ScubaGoggles.
Following the release of CISA’s Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services on Dec. 17, 2024, which requires Federal Civilian Executive Branch (FCEB) agencies to deploy SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025 and begin continuous reporting, agencies can use ScubaConnect to ensure their cloud environments are properly configured and that reports are submitted automatically to CISA. For more information, please refer to the SCuBA project webpage or email [email protected].
ScubaConnect has two managed components for SCuBA’s two current assessment tools: GearConnect (for ScubaGear) and GogglesConnect (for ScubaGoggles).
All code is provided in terraform for easy installation. For use with ScubaGear (Microsoft 365), see m365 directory.
All code is provided in terraform for easy installation. For use with ScubaGoggles (Google Workspace), see gws directory.
- BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services
- For FCEB agencies, email [email protected] to gain access to the SCuBA Slack Channel
Unless otherwise noted, this project is distributed under the Creative Commons Zero license. With developer approval, contributions may be submitted with an alternate compatible license. If accepted, those contributions will be listed herein with the appropriate license.
