diff --git a/plugin/pom.xml b/plugin/pom.xml
index 45d463e33..19c2da6ef 100644
--- a/plugin/pom.xml
+++ b/plugin/pom.xml
@@ -57,7 +57,7 @@
             <dependency>
                 <groupId>org.jenkins-ci.plugins</groupId>
                 <artifactId>script-security</artifactId>
-                <version>1388.v9907110c2f80</version> <!-- https://github.com/jenkinsci/script-security-plugin/pull/584 -->
+                <version>1392.v64f458436d13</version> <!-- https://github.com/jenkinsci/script-security-plugin/pull/584 -->
             </dependency>
         </dependencies>
     </dependencyManagement>
diff --git a/plugin/src/main/java/org/jenkinsci/plugins/workflow/cps/config/CPSConfiguration.java b/plugin/src/main/java/org/jenkinsci/plugins/workflow/cps/config/CPSConfiguration.java
index 1aed31cb7..300cc1ba6 100644
--- a/plugin/src/main/java/org/jenkinsci/plugins/workflow/cps/config/CPSConfiguration.java
+++ b/plugin/src/main/java/org/jenkinsci/plugins/workflow/cps/config/CPSConfiguration.java
@@ -66,6 +66,16 @@ public CPSConfiguration() {
         }
     }
 
+    public boolean isHideSandbox() {
+        return ScriptApproval.get().isForceSandbox();
+    }
+
+    public void setHideSandbox(boolean hideSandbox) {
+        this.hideSandbox = hideSandbox;
+        ScriptApproval.get().setForceSandbox(hideSandbox);
+        save();
+    }
+
     @NonNull
     @Override
     public GlobalConfigurationCategory getCategory() {
diff --git a/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinitionTest.java b/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinitionTest.java
index 7ee02f154..cb68e9dbe 100644
--- a/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinitionTest.java
+++ b/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinitionTest.java
@@ -373,6 +373,18 @@ public void cpsScriptSandboxHide() throws Exception {
         }
     }
 
+    @Test
+    public void cpsConfigurationSandboxToScriptApprovalSandbox() throws Exception{
+        //Deprecated CPSConfiguration should update ScriptApproval forceSandbox logic to keep casc compatibility
+        ScriptApproval.get().setForceSandbox(false);
+
+        CPSConfiguration.get().setHideSandbox(true);
+        assertTrue(ScriptApproval.get().isForceSandbox());
+
+        ScriptApproval.get().setForceSandbox(false);
+        assertFalse(CPSConfiguration.get().isHideSandbox());
+    }
+
     @Test
     public void cpsScriptSignatureException() throws Exception {
         ScriptApproval.get().setForceSandbox(false);
diff --git a/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/JcascTest.java b/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/JcascTest.java
new file mode 100644
index 000000000..aba7c9ae0
--- /dev/null
+++ b/plugin/src/test/java/org/jenkinsci/plugins/workflow/cps/JcascTest.java
@@ -0,0 +1,42 @@
+package org.jenkinsci.plugins.workflow.cps;
+
+import io.jenkins.plugins.casc.ConfigurationContext;
+import io.jenkins.plugins.casc.ConfiguratorRegistry;
+import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
+import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
+import io.jenkins.plugins.casc.model.CNode;
+import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static io.jenkins.plugins.casc.misc.Util.getSecurityRoot;
+import static io.jenkins.plugins.casc.misc.Util.toStringFromYamlFile;
+import static io.jenkins.plugins.casc.misc.Util.toYamlString;
+
+public class JcascTest {
+
+    @ClassRule(order = 1)
+    @ConfiguredWithCode("casc_test.yaml")
+    public static JenkinsConfiguredWithCodeRule j = new JenkinsConfiguredWithCodeRule();
+
+    /**
+     * Check that CASC for security.cps.hideSandbox is sending the value to ScriptApproval.get().isForceSandbox()
+     * @throws Exception
+     */
+    @Test
+    public void cascHideSandBox() throws Exception {
+        assertTrue(ScriptApproval.get().isForceSandbox());
+    }
+
+    @Test
+    public void cascExport() throws Exception {
+        ConfiguratorRegistry registry = ConfiguratorRegistry.get();
+        ConfigurationContext context = new ConfigurationContext(registry);
+        CNode yourAttribute = getSecurityRoot(context).get("cps");
+        String exported = toYamlString(yourAttribute);
+        String expected = toStringFromYamlFile(this, "casc_test_expected.yaml");
+        assertEquals(exported, expected);
+    }
+}
diff --git a/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test.yaml b/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test.yaml
new file mode 100644
index 000000000..04fa77f0a
--- /dev/null
+++ b/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test.yaml
@@ -0,0 +1,3 @@
+security:
+  cps:
+    hideSandbox: true
\ No newline at end of file
diff --git a/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test_expected.yaml b/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test_expected.yaml
new file mode 100644
index 000000000..1852e7be5
--- /dev/null
+++ b/plugin/src/test/resources/org/jenkinsci/plugins/workflow/cps/casc_test_expected.yaml
@@ -0,0 +1 @@
+hideSandbox: true