From 20eac40ae0a0dbba9aff22b6dac52d90b1d96253 Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:38:52 -0500 Subject: [PATCH 1/3] Added in changes from inital review of driftwood --- scubagoggles/baselines/classroom.md | 2 +- scubagoggles/baselines/commoncontrols.md | 30 ++++++++++++------------ scubagoggles/baselines/drive.md | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/scubagoggles/baselines/classroom.md b/scubagoggles/baselines/classroom.md index 15776303..bc2b6902 100644 --- a/scubagoggles/baselines/classroom.md +++ b/scubagoggles/baselines/classroom.md @@ -52,7 +52,7 @@ Who can join classes in your domain SHALL be set to Users in your domain only. Which classes users in your domain can join SHALL be set to Classes in your domain only. - _Rationale:_ Allowing users to join a class from outside your domain could allow for data to be exfiltrated to entities outside the control of the organization creating a significant security risk. -- _Last modified:_ September 27, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index d3cd1d92..1f06f4b4 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md 
@@ -314,7 +314,7 @@ Google Workspace handles post-SSO verification for profiles assigned org-wide as Post-SSO verification SHOULD be enabled for users signing in using the SSO profile for your organization. - _Rationale:_ Without enabling post-SSO verification, any Google 2-Step Verification (2SV) configuration is ignored for third-party SSO users. Enabling post-SSO verification will apply 2SV verification policies. -- _Last modified:_ November 4, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -433,7 +433,7 @@ User password length SHALL be at least 12 characters. User password length SHOULD be at least 15 characters. - _Rationale:_ The National Institute of Standards and Technology (NIST) has published guidance indicating that password length is a primary factor in characterizing password strength (NIST SP 800-63B). Longer passwords tend to be more resistant to brute force and dictionary-based attacks. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -534,7 +534,7 @@ Pre-Built GWS Admin Roles considered highly privileged: All highly privileged accounts SHALL leverage Google Account authentication with phishing-resistant MFA and not the agency's authoritative on-premises or federated identity system. - _Rationale:_ Leveraging Google Account authentication with phishing resistant MFA for highly privileged accounts reduces the risks associated with a compromise of on-premises federation infrastructure. This makes it more challenging for an adversary to pivot from a compromised on-premises environment to the cloud with privileged access. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) 
@@ -808,7 +808,7 @@ Agencies SHALL NOT allow users to access unconfigured third-party apps. Access to Google Workspace applications by less secure apps that do not meet security standards for authentication SHALL be prevented. - _Rationale:_ Antiquated authentication methods introduce additional risk into the workspace environment. Only allowing apps that use modern authentication standards helps reduce the risk of credential compromise. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1110: Brute Force](https://attack.mitre.org/techniques/T1110/) @@ -927,7 +927,7 @@ This section prevents users from downloading a copy of the Google Takeout servic Google Takeout services SHALL be disabled. - _Rationale:_ Google Takeout is a service that allows you to download a copy of your data stored within 40+ Google products and services, including data from Gmail, Drive, Photos, and Calendar. While there may be a valid use case for individuals to back up their data in non-enterprise settings, this feature represents considerable attack surface as a mass data exfiltration mechanism, particularly in enterprise settings where other backup mechanisms are likely in use. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) 
@@ -996,7 +996,7 @@ GWS includes system-defined alerting rules that provide situational awareness in Required system-defined alerting rules, as listed in the Policy group description, SHALL be enabled with alerts. - _Rationale:_ Potentially malicious or service-impacting events may go undetected. Setting up a mechanism to alert administrators to the list of events linked above draws attention to them to minimize any impact to users and the agency. -- _Last modified:_ July 10, 2023 +- _Last modified:_ January 2025 - _Note:_ Any system-defined rules not listed are considered optional but should be reviewed and considered for activation by an administrator. - MITRE ATT&CK TTP Mapping @@ -1103,7 +1103,7 @@ At the time of writing, data region policies cannot be applied to data types not The data storage region SHALL be set to be the United States for all users in the agency's GWS environment. - _Rationale_: Without this policy, data could be stored in various regions, potentially exposing it to unauthorized entities. Implementing this policy keeps most data in the U.S., making it harder for potential foreign adversaries to compromise the data. -- _Last modified:_ October 30, 2023 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) @@ -1115,7 +1115,7 @@ The data storage region SHALL be set to be the United States for all users in th Data SHALL be processed in the region selected for data at rest. - _Rationale:_ Without this policy, data could be processed in a region other than the United States, potentially exposing it unauthorized entities. Implementing this policy allows for data sovereignty over organizational data. -- _Last modified:_ September 20, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1591: Gather Victim Organization Information](https://attack.mitre.org/techniques/T1591/) 
@@ -1180,7 +1180,7 @@ Google Workspace considers some of its services "core services," including Gmail Service status for Google services that do not have an individual control SHOULD be set to OFF for everyone. - _Rationale_: Allowing access to additional google services without a need may create unnecessary vulnerabilities within the Google Workspace environment. By turning these services off, it mitigates the risk by not allowing access. -- _Last modified:_ June 11, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1194,7 +1194,7 @@ Service status for Google services that do not have an individual control SHOULD User access to Early Access Apps SHOULD be disabled. - _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure the latest security standards are met. -- _Last modified:_ August 7, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1199: Trusted Relationship](https://attack.mitre.org/techniques/T1199/) @@ -1273,7 +1273,7 @@ Though use of Google's DLP solution is not strictly required, guidance for confi A custom policy SHALL be configured for Google Drive to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) 
@@ -1286,7 +1286,7 @@ A custom policy SHALL be configured for Google Drive to protect PII and sensitiv A custom policy SHALL be configured for Google Chat to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1298,7 +1298,7 @@ A custom policy SHALL be configured for Google Chat to protect PII and sensitive A custom policy SHALL be configured for Gmail to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN). - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) 
@@ -1310,7 +1310,7 @@ A custom policy SHALL be configured for Gmail to protect PII and sensitive infor The action for the above DLP policies SHOULD be set to block external sharing. - _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures. -- _Last modified:_ October 25, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) @@ -1326,7 +1326,7 @@ The action for the above DLP policies SHOULD be set to block external sharing. - [GWS Admin Help \| Prevent data leaks in email & attachments](https://support.google.com/a/answer/14767988?fl=1&sjid=4620103790740920406-NA) ### Prerequisites -If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. +If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP; Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Google Workspace license. For Drive DLP, the license must include the Drive log events. diff --git a/scubagoggles/baselines/drive.md b/scubagoggles/baselines/drive.md index 44ff5532..df3b6ae6 100644 --- a/scubagoggles/baselines/drive.md +++ b/scubagoggles/baselines/drive.md 
@@ -369,7 +369,7 @@ This section addresses Drive for Desktop, a feature that enables users to intera Google Drive for Desktop SHOULD be enabled only for authorized devices. - _Rationale:_ Some users may attempt to use Drive for Desktop to connect unapproved devices (e.g., a personal computer), to the agency's Google Drive. Even if done without malicious intent, this represents a security risk as the agency has no ability audit or protect such computers. -- _Last modified:_ June 7, 2024 +- _Last modified:_ January 2025 - MITRE ATT&CK TTP Mapping - [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/) From bf04dc65740c661b3079aa14694b3cbd474c466c Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Tue, 21 Jan 2025 13:29:43 -0500 Subject: [PATCH 2/3] Most recent round of feedback --- scubagoggles/baselines/commoncontrols.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index 1f06f4b4..45e15c40 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md @@ -944,7 +944,7 @@ Google Takeout services SHALL be disabled. ### Implementation #### GWS.COMMONCONTROLS.12.1v0.3 Instructions -1. Sign in to https://admin.google.com as an administrator. +1. Sign in to [Google Admin console](https://admin.google.com). 2. Select **Data** -\> **Data import & export** -\> **Google Takeout**. 3. Select **User access to Takeout for Google services**. 4. For services without an individual admin control, select **Services without an individual admin control** then **Edit**. 
@@ -1260,7 +1260,7 @@ To configure additional services per the policy: ## 18. Data Loss Prevention -Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps you control what users can share and helps prevent unintended exposure of sensitive information. +Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps to prevent unintended exposure of sensitive information. DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels. @@ -1378,7 +1378,7 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 7. Review the rule details, mark the rule as **Active**, and click **Create.** #### GWS.COMMONCONTROLS.18.4v0.3 Instructions -1. For each rule in the **Actions** section follow steps depending on application: +1. For each rule in the **Actions** section follow these steps depending on application: 1. For Google Drive policies select **Block external sharing**. 2. For Chat policies rules select **Block message** and select **External Conversations** and **Spaces**, **Group chats**, and **1:1 chats**. 3. For Gmail policies select **Block message** and select **Messages sent to external recipients**. From 18fefe0475b174541bd05c16ec24b952a70f09cf Mon Sep 17 00:00:00 2001 From: mdueltgen <148897369+mdueltgen@users.noreply.github.com> Date: Mon, 27 Jan 2025 15:56:18 -0500 Subject: [PATCH 3/3] Next Round of Feedback on 1/24 --- scubagoggles/baselines/chat.md | 2 +- scubagoggles/baselines/commoncontrols.md | 30 ++++++++++++------------ scubagoggles/baselines/drive.md | 6 ++--- 3 files changed, 19 insertions(+), 19 deletions(-) 
diff --git a/scubagoggles/baselines/chat.md b/scubagoggles/baselines/chat.md index 60f81729..d380439f 100644 --- a/scubagoggles/baselines/chat.md +++ b/scubagoggles/baselines/chat.md @@ -1,6 +1,6 @@ # CISA Google Workspace Secure Configuration Baseline for Google Chat -Google Chat is a communication and collaboration tool in Google Workspace that supports direct messaging, group conversations, and content creation and sharing. Chat allows administrators to control and manage their messages and files. This Secure Configuration Baseline (SCB) provides specific policies to strengthen Chat security. +Google Chat is a communication and collaboration tool in Google Workspace that supports direct messaging, group conversations, content creation, and sharing. Chat allows administrators to control and manage their messages and files. This Secure Configuration Baseline (SCB) provides specific policies to strengthen Chat security. The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies' cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments. diff --git a/scubagoggles/baselines/commoncontrols.md b/scubagoggles/baselines/commoncontrols.md index 45e15c40..cdffa2c7 100644 --- a/scubagoggles/baselines/commoncontrols.md +++ b/scubagoggles/baselines/commoncontrols.md 
@@ -950,7 +950,7 @@ Google Takeout services SHALL be disabled. 4. For services without an individual admin control, select **Services without an individual admin control** then **Edit**. 5. Select **Don't allow for everyone**. 6. Click **Save**. -7. For services with an individual admin control, under **apps** select the checkbox next to **Service name** and select **Don't allow**. +7. For services with an individual admin control, under **Apps** select the checkbox next to **Service name** and select **Don't allow**. ## 13. System-defined Rules @@ -1015,7 +1015,7 @@ Required system-defined alerting rules, as listed in the Policy group descriptio ### Implementation #### GWS.COMMONCONTROLS.13.1v0.3 Instructions -1. Sign in to [Google Admin console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Click **Rules**. 3. From the Rules page, click **Add a filter**. 4. From the drop-down menu, select **Type**. @@ -1191,7 +1191,7 @@ Service status for Google services that do not have an individual control SHOULD - [T1204:003: Trusted Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/) #### GWS.COMMONCONTROLS.16.2v0.3 -User access to Early Access Apps SHOULD be disabled. +User access to Early Access apps SHOULD be disabled. - _Rationale_: Allowing early access to apps may expose users to apps that have not yet been fully vetted and may still need to undergo robust testing to ensure the latest security standards are met. - _Last modified:_ January 2025 
@@ -1260,7 +1260,7 @@ To configure additional services per the policy: ## 18. Data Loss Prevention -Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps to prevent unintended exposure of sensitive information. +Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization, which helps prevent unintended exposure of sensitive information. DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels. @@ -1326,7 +1326,7 @@ The action for the above DLP policies SHOULD be set to block external sharing. - [GWS Admin Help \| Prevent data leaks in email & attachments](https://support.google.com/a/answer/14767988?fl=1&sjid=4620103790740920406-NA) ### Prerequisites -If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP; Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. +Google DLP is available to users of the following GWS editions: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; and Enterprise Essentials Plus. Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Google Workspace license. For Drive DLP, the license must include the Drive log events. 
@@ -1343,9 +1343,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, under **Google Drive**, choose the trigger for **Drive files**, then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. 
For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block external sharing** (per [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. 
@@ -1356,9 +1356,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, choose the trigger for **Google Chat, Message sent, File uploaded** then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. 
For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block**. Under **Select when this action should apply**, select **External Conversations**, **Spaces**, **Group chats**, and **1:1 chats** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. 
@@ -1369,9 +1369,9 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 2. In the **Scope** section, apply this rule to the entire domain and click **Continue**. 3. In the **Apps** section, choose the trigger for **Gmail, Message sent** then click **Continue**. 4. In the **Conditions** section: - 1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need. - 2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. - 3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need. + 1. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **Global - Credit card number**. Select the remaining condition properties according to agency need. + 2. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. For **Select data type**, select **United States - Individual Taxpayer Identification Number**. Select the remaining condition properties according to agency need. + 3. Click **Add Condition**. For **Content type to scan**, select **All content**. For **What to scan for**, select **Matches predefined data type**. 
For **Select data type**, select **United States - Social Security Number***. Select the remaining condition properties according to agency need. 4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**. 5. In the **Actions** section, select **Block message**. Under **Select when this action should apply**, check **Messages sent to external recipients** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)). 6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**. @@ -1381,5 +1381,5 @@ Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Goog 1. For each rule in the **Actions** section follow these steps depending on application: 1. For Google Drive policies select **Block external sharing**. 2. For Chat policies rules select **Block message** and select **External Conversations** and **Spaces**, **Group chats**, and **1:1 chats**. - 3. For Gmail policies select **Block message** and select **Messages sent to external recipients**. + 3. For Gmail policies select **Block message**, and then select **Messages sent to external recipients**. 2. Click **Continue**. diff --git a/scubagoggles/baselines/drive.md b/scubagoggles/baselines/drive.md index df3b6ae6..658034db 100644 --- a/scubagoggles/baselines/drive.md +++ b/scubagoggles/baselines/drive.md @@ -269,7 +269,7 @@ Agencies SHALL enable the security update for Drive files. ### Resources -- [Google Workspace Admin Help: Security update for Google Drive](https://support.google.com/a/answer/10685032?hl=en-EN&fl=1&sjid=14749870194899350730-NA) +- [Google Workspace Admin Help: Manage the link-sharing security update for files](https://support.google.com/a/answer/10685032?hl=en-EN&fl=1&sjid=14749870194899350730-NA) ### Prerequisites 
@@ -388,14 +388,14 @@ Google Drive for Desktop SHOULD be enabled only for authorized devices. #### GWS.DRIVEDOCS.6.1v0.3 Instructions To Disable Google Drive for Desktop: -1. Sign in to the [Google Admin Console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Select **Menu-\>Apps-\>Google Workspace-\>Drive and Docs-\>Google Drive for Desktop**. 3. Uncheck the **Allow Google Drive for desktop in your organization box** checkbox 4. Select **Save.** To limit Google Drive for Desktop to authorized devices: -1. Sign in to the [Google Admin Console](https://admin.google.com). +1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator. 2. Select **Menu-\>Apps-\>Google Workspace-\>Drive and Docs-\>Google Drive for Desktop**. 3. Check the **Allow Google Drive for desktop in your organization box** checkbox. 4. Check the **Only allow Google Drive for desktop on authorized devices checkbox**.
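Review bot: the `+- _Last modified:_ January 2025` line in the classroom.md hunk at `@@ -52,7 +52,7 @@` drops the day and breaks the `Month Day, Year` format every other baseline entry uses (the removed line reads `September 27, 2023`); the same applies to each date-only hunk in commoncontrols.md and to the drive.md hunk at `@@ -369` in PATCH 1/3. Use a full date in the existing format (the commit date, for instance). These hunks also change only the date while the policy and rationale text above them is untouched, so a reader of the history cannot tell what was "modified"; if the substantive edits live in another commit, reference it in the commit message.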
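Review bot: the commoncontrols.md hunk at `@@ -1115,7 +1115,7 @@` in PATCH 1/3 leaves the adjacent rationale context line with a missing preposition ("potentially exposing it unauthorized entities" should read "exposing it to unauthorized entities"); since the hunk already touches the next line, fix it in the same pass. The drive.md hunk at `@@ -369` has the same kind of slip in its context ("no ability audit or protect" should be "no ability to audit or protect"). The `@@ -1103`, `@@ -1180` and `@@ -1194` hunks in commoncontrols.md keep the `- _Rationale_:` spelling while the rest of the file uses `- _Rationale:_`, and `@@ -1180` keeps lowercase "google services"; worth aligning while these blocks are being edited.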
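Review bot: the commoncontrols.md hunk at `@@ -1326,7 +1326,7 @@` in PATCH 1/3 introduces a punctuation regression: replacing the colon after "include Workspace DLP" with a semicolon turns the list introducer into a list item. PATCH 3/3 rewrites the whole sentence at the same location anyway, so squash this intermediate change into that commit rather than leaving a broken line in the history.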
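Review bot: the commoncontrols.md hunk at `@@ -944,7 +944,7 @@` in PATCH 2/3 drops "as an administrator" from step 1 of GWS.COMMONCONTROLS.12.1v0.3, while PATCH 3/3 standardises on `1. Sign in to the [Google Admin console](https://admin.google.com) as an administrator.` in `@@ -1015` and in the drive.md `@@ -388` hunk. Use the same wording here so the sign-in step reads identically across sections.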
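Review bot: the commoncontrols.md hunk at `@@ -1378,7 +1378,7 @@` in PATCH 2/3 (and again `@@ -1381` in PATCH 3/3) leaves the context line `2. For Chat policies rules select **Block message** ...` with the doubled noun "policies rules"; both hunks edit neighbouring steps in the same list, so change it to "For Chat policies select" at the same time. The `@@ -1260` hunk rewriting the DLP intro sentence also appears in both PATCH 2/3 and PATCH 3/3; the second supersedes the first and the two should be squashed.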
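Review bot: the three commoncontrols.md hunks at `@@ -1343`, `@@ -1356` and `@@ -1369` in PATCH 3/3 carry the stray trailing asterisk in `**United States - Social Security Number***` over into the new lines, which renders as a literal `*` after the bold text; since these lines are rewritten anyway, drop the extra asterisk. Note also that the condition blocks are verbatim copies across the Drive, Chat and Gmail instructions, so any later change to the required data types has to be made three times.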
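Review bot: the chat.md hunk at `@@ -1,6 +1,6 @@` in PATCH 3/3 changes "content creation and sharing" to "content creation, and sharing", which splits one capability into two list items and leaves "sharing" without an object; the original phrasing already reads as a single item and should stay.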
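Review bot: the drive.md hunk at `@@ -388,14 +388,14 @@` in PATCH 3/3 edits only step 1 of each block and leaves the surrounding steps inconsistent: step 3 `3. Uncheck the **Allow Google Drive for desktop in your organization box** checkbox` puts "box" inside the bold and has no terminating period, step 4 `4. Select **Save.**` bolds the period, and the second block's step 4 puts "checkbox" inside the bold span. While touching this section, align each bold span with the actual UI label text and end every step with a period.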