Overview
This report conducts a technical assessment of your Google Workspace environment against the CIS Google Workspaces Foundations Benchmark v1.2, a widely adopted security framework that outlines best practices for securing Google Workspace organizations and user data. The benchmark is structured across multiple control areas such as identity management, data sharing, email security, authentication, logging, and monitoring.
This assessment includes the following CIS Benchmark sections:
1. Directory and Identity Management
- 1.1.1–1.1.3 – Super Admin account management, including minimum and maximum account limits, and dedicated usage for administrative activities
- 1.2.1 – Directory sharing restrictions to prevent external access
2. Drive and Data Sharing
- 3.1.2.1.1.3 – Document sharing controls with domain allowlists
- 3.1.2.1.2.3 – Shared drive file access restrictions to members only
- 3.1.2.1.2.4 – Restrictions on download, print, and copy capabilities for viewers and commenters
- 3.1.6.2 – Group creation restrictions
3. Gmail and Messaging Security
- 3.1.3.1.1 – Mailbox delegation restrictions
- 3.1.3.1.2 – Gmail offline access controls
- 3.1.3.5.1 – POP and IMAP access restrictions
- 3.1.3.5.2 – Automatic email forwarding restrictions
4. Authentication and Access Control
- 4.1.1.1 – 2-Step Verification (MFA) enforcement for administrative roles
- 4.1.1.3 – 2-Step Verification (MFA) enforcement for all users
- 4.2.1 – Third-party OAuth app access restrictions
5. Logging and Audit
- 5.1.1 – Admin audit logging
- 5.1.2 – Login audit logging
6. Monitoring and Alerts
- 6.1 – Super Admin role change alerts
This assessment uses Google Workspace services such as Directory, Gmail, Drive, Reports API, Alert Center, and Cloud Identity to validate best practice configurations.
Upon completion, you will receive a detailed report listing all passed and failed controls, along with actionable guidance to bring your Google Workspace environment into alignment with the CIS Google Workspaces Foundations Benchmark v1.2.