While most of the conformance checks done by ScubaGoggles rely on Google's Policy API that provides direct access to your GWS settings, some settings are not available from this API. For a few comformance checks where the corresponding settings are not provided by the Policy API, we try to determine the settings using GWS Admin log events.
For these cases, if there is no log event corresponding to a SCuBA baseline policy, ScubaGoggles will indicate that the setting currently can not be checked on its HTML report output. In this situation, we recommend you manually review your GWS security configurations with the SCuBA secure baselines.
Additionally, some events will not be visible due to data retention time limits, as the admin logs are only retained for 6 months (see Data retention and lag times). However, if you wish to generate a log event for testing ScubaGoggles' capabilities, follow the implementation instructions in the SCuBA GWS baseline documents to change your GWS configuration settings. Toggling certain settings, off and on will be enough to generate a log event. Other settings will require implementing more substantive configuration changes.
Many controls can be scoped down to the organizational unit (OU) or group level.
ScubaGoggles is capable of checking settings applied at these levels. However,
for any setting that can be scoped to specific OUs or groups, ScubaGoggles
asserts that at least one event is present for the organization's top-level OU.
If no event can be found for the top-level OU, ScubaGoggles will not display
any results for that control and instead display a warning, such as the following:
- Return to Documentation Home