turbot/steampipe-mod-googleworkspace-compliance

Benchmark: 3.1.3.5 End User Access

Overview

The CIS Google Workspace Community does not have any specific security recommendations with regard to Google Meet, due to its usage being very organizationally specific.

That being said, are some items that Admins should consider when deploying Google Meet:

  • Who should be allowed to create meetings?
  • Example: In an education environment possibly configure that only Teachers can be allowed to create a meeting and Students only attend.
  • Who can join a meeting?
  • Example: In an education environment possibly Teachers can attend any meeting (internally or externally created) and Students can only attend internally created meetings.

Settings you may want to review are:

  1. Log in to https://admin.google.com as an administrator.

  2. Select Google Workspace.

  3. Select Apps.

  4. Select Google Meet.

  5. Select Meet video settings.

  • Select Recording- Let people record their meetings.
  • Select Stream- Let people stream their meetings.
  1. Select Meet safety settings.
  • Select Domain- Who can join meetings created by your organization
  • Select Access- Which meetings users in the organization can join
  • Select Joining- How users join a meeting (quick access)
  • Select Chat- Who can send in-call chat messages
  • Select Present- Who can share their screens in calls
  • Select Host management- `Default host management

NOTE: To configure this properly will likely require creating different Organizational Units (OUs) to segment users properly and allow different configuration settings to be applied. An informative video on this topic can be found here.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-googleworkspace-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 3.1.3.5 End User Access.

Run this benchmark in your terminal:

powerpipe benchmark run googleworkspace_compliance.benchmark.cis_v120_3_1_3_5

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run googleworkspace_compliance.benchmark.cis_v120_3_1_3_5 --share

Controls

Tags