Re-numbered policy group 2 and fixed drift rules.
jkaufman-mitre authored and adhilto committed Jan 16, 2024
1 parent c1a4ae7 commit 5464695
Showing 2 changed files with 11 additions and 15 deletions.
Expand Up @@ -196,7 +196,7 @@ This section covers whether users can create new shared drives to share with oth

### Policies

#### GWS.DRIVEDOCS.2.2v0.1
#### GWS.DRIVEDOCS.2.1v0.1
Agencies SHOULD NOT allow members with manager access to override shared drive creation settings.

- Rationale
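
Review bot: Reusing `GWS.DRIVEDOCS.2.1v0.1` at this heading for the manager-override policy makes the ID ambiguous, because the `v0.1` suffix is kept while the statement behind the ID changes. The CSV row removed later in this commit shows 2.1v0.1 previously identified "Agencies SHOULD enable shared drive creation to allow for effective collaboration", so an earlier assessment report or alert keyed on the ID alone now points at a different control; the same applies to 2.2 through 2.4 in the following hunks. Consider bumping the suffix on the renumbered policies or recording the old-to-new ID mapping in the commit message or a changelog.
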
Expand All @@ -206,7 +206,7 @@ Agencies SHOULD NOT allow members with manager access to override shared drive c
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.DRIVEDOCS.2.3v0.1
#### GWS.DRIVEDOCS.2.2v0.1
Agencies SHOULD NOT allow users outside of their organization to access files in shared drives.

- Rationale
Expand All @@ -216,7 +216,7 @@ Agencies SHOULD NOT allow users outside of their organization to access files in
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.DRIVEDOCS.2.4v0.1
#### GWS.DRIVEDOCS.2.3v0.1
Agencies SHALL allow users who are not shared drive members to be added to files.

- Rationale
Expand All @@ -226,7 +226,7 @@ Agencies SHALL allow users who are not shared drive members to be added to files
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.DRIVEDOCS.2.5v0.1
#### GWS.DRIVEDOCS.2.4v0.1
Agencies SHALL NOT allow viewers and commenters to download, print, and copy files.

- Rationale
Expand Down Expand Up @@ -257,18 +257,15 @@ To configure the settings for Shared drive creation:
5. Select **Save**

#### GWS.DRIVEDOCS.2.1v0.1 Instructions
1. Uncheck the **Prevent users in organization from creating new shared drives** checkbox.

#### GWS.DRIVEDOCS.2.2v0.1 Instructions
1. Uncheck the **Allow members with manager access to override the settings below** checkbox.

#### GWS.DRIVEDOCS.2.3v0.1 Instructions
#### GWS.DRIVEDOCS.2.2v0.1 Instructions
1. Uncheck the **Allow users outside organization to access files in shared drives** checkbox.

#### GWS.DRIVEDOCS.2.4v0.1 Instructions
#### GWS.DRIVEDOCS.2.3v0.1 Instructions
1. Check the **Allow people who aren't shared drive members to be added to files** checkbox.

#### GWS.DRIVEDOCS.2.5v0.1 Instructions
#### GWS.DRIVEDOCS.2.4v0.1 Instructions
1. Check the **Allow viewers and commenters to download, print, and copy files** checkbox.

## 3. Security Updates for Files
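
Review bot: The step under the renumbered `GWS.DRIVEDOCS.2.4v0.1 Instructions` heading says to Check **Allow viewers and commenters to download, print, and copy files**, while the 2.4 policy text reads "Agencies SHALL NOT allow viewers and commenters to download, print, and copy files". Since this hunk already edits that heading, change the step to Uncheck (or confirm the checkbox semantics) so the instruction matches the policy. Separately, deleting the "Prevent users in organization from creating new shared drives" step leaves that checkbox with no guidance in this section; if the policy was dropped on purpose, say so in the commit message, which only mentions renumbering.
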
9 changes: 4 additions & 5 deletions drift-rules/GWS Drift Monitoring Rules - Drive and Docs.csv
Expand Up @@ -7,11 +7,10 @@ GWS.DRIVEDOCS.1.5v0.1,Agencies SHALL disable making files and published web cont
GWS.DRIVEDOCS.1.6v0.1,Agencies SHALL enable access checking for file sharing outside of Docs or Drive.,Admin Log Event,Change Drive Setting,SHARING_ACCESS_CHECKER_OPTIONS,DOMAIN_OR_NAMED_PARTIES,rules/00gjdgxs2qv9x6y,JK 08-02-23 @ 12:59
GWS.DRIVEDOCS.1.7v0.1,Agencies SHALL NOT allow any users to distribute content from an organization-owned shared drive to shared drives owned by another organizations.,Admin Log Event,Change Drive Setting,SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS,CROSS_DOMAIN_FROM_INTERNAL_ONLY,rules/00gjdgxs2bll5l2,JK 09-26-23 @ 09:24
GWS.DRIVEDOCS.1.8v0.1,Agencies SHALL ensure that newly created items assume the default access level of Private to the Owner.,Admin Log Event,Change Drive Setting,DEFAULT_LINK_SHARING_FOR_NEW_DOCS,PRIVATE,rules/00gjdgxs1jfq3ds,JK 08-02-23 @ 13:28
GWS.DRIVEDOCS.2.1v0.1,Agencies SHOULD enable shared drive creation to allow for effective collaboration.,Admin Log Event,Change Application Setting,Shared Drive Creation CanCreateSharedDrives,true,rules/00gjdgxs3nclhql,JK 08-02-23 @ 13:37
GWS.DRIVEDOCS.2.2v0.1,Agencies SHOULD NOT allow members with manager access to override shared drive creation settings.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_admin_only,true,rules/00gjdgxs418trv6,JK 08-02-23 @ 13:44
GWS.DRIVEDOCS.2.3v0.1,Agencies SHOULD NOT allow users outside of their organization to access files in shared drives.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_cross_domain_access,true,rules/00gjdgxs1o31qud,JK 08-02-23 @ 14:12
GWS.DRIVEDOCS.2.4v0.1,Agencies SHALL allow users who are not shared drive members to be added to files.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_direct_access,true,rules/00gjdgxs3mcxcll,JK 08-02-23 @ 14:23
GWS.DRIVEDOCS.2.5v0.1,"Agencies SHALL NOT allow viewers and commenters to download, print, and copy files.",Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_download,true,rules/00gjdgxs18yk89t,JK 08-02-23 @ 14:30
GWS.DRIVEDOCS.2.1v0.1,Agencies SHOULD NOT allow members with manager access to override shared drive creation settings.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_admin_only,true,rules/00gjdgxs418trv6,JK 08-02-23 @ 13:44
GWS.DRIVEDOCS.2.2v0.1,Agencies SHOULD NOT allow users outside of their organization to access files in shared drives.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_cross_domain_access,true,rules/00gjdgxs1o31qud,JK 08-02-23 @ 14:12
GWS.DRIVEDOCS.2.3v0.1,Agencies SHALL allow users who are not shared drive members to be added to files.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_direct_access,true,rules/00gjdgxs3mcxcll,JK 08-02-23 @ 14:23
GWS.DRIVEDOCS.2.4v0.1,"Agencies SHALL NOT allow viewers and commenters to download, print, and copy files.",Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_download,true,rules/00gjdgxs18yk89t,JK 08-02-23 @ 14:30
GWS.DRIVEDOCS.3.1v0.1,Agencies SHALL enable security updates for Drive files.,Admin Log Event,Change Application Setting,Link Security Update Settings less_secure_link_option,REMOVE_LESS_SECURE_LINKS,rules/00gjdgxs0mrpx7o,JK 08-02-23 @ 14:41
GWS.DRIVEDOCS.4.1v0.1,Agencies SHOULD disable Drive SDK access to restrict information sharing and prevent data leakage.,Admin Log Event,Change Drive Setting,ENABLE_DRIVE_APPS,true,rules/00gjdgxs1mm4n4i,JK 08-02-23 @ 14:49
GWS.DRIVEDOCS.5.1v0.1,Agencies SHALL disable Add-Ons with the exception of those that are approved within the organization.,Admin Log Event,Change Drive Setting,ENABLE_DOCS_ADD_ONS,false,rules/00gjdgxs4d794jn,JK 08-02-23 @ 15:14
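
Review bot: The row for `rules/00gjdgxs3nclhql` (Shared Drive Creation CanCreateSharedDrives) is deleted outright rather than renumbered, which the commit message "Re-numbered policy group 2 and fixed drift rules" does not mention. If that alert rule is still deployed, it no longer maps to any policy ID in this file, so state the removal explicitly and retire the rule alongside it. The four renumbered rows also keep their original trailing stamp (for example `JK 08-02-23 @ 13:44`); if that field tracks the last edit, update it for the rows changed here.
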
