Removed Attachment Filtering Policies per Issue 62 (#156)

* Removed Attachment Filtering Policies per Issue 409 * Deleted group 19 gmail * Fixed TOC * Fixed Drift Rules file --------- Co-authored-by: Alden Hilton <[email protected]>
cisagov · Jan 26, 2024 · 5a7e28f · 5a7e28f
1 parent 8fbf273
commit 5a7e28f
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 143 deletions.
diff --git a/Testing/RegoTests/gmail/gmail19_test.rego b/Testing/RegoTests/gmail/gmail19_test.rego
diff --git a/baselines/Gmail Minimum Viable Secure Configuration Baseline v0.1.md b/baselines/Gmail Minimum Viable Secure Configuration Baseline v0.1.md
@@ -28,7 +28,6 @@ This baseline is based on Google documentation available at the [Gmail Google Wo
 - [Security Sandbox](#16-security-sandbox)
 - [Comprehensive Mail Storage](#17-comprehensive-mail-storage)
 - [Content Compliance Filtering](#18-content-compliance-filtering)
-- [Attachment Compliance Filtering](#19-attachment-compliance-filtering)
 
 
 Within Google Workspace, settings can be assigned to users through organizational units, configuration groups, or individually. Before changing a setting, the user can select the organizational unit, configuration group, or individual users to which they want to apply changes.
@@ -1229,96 +1228,3 @@ To configure the settings for Objectionable content:
 
 #### GWS.GMAIL.18.3v0.1 Instructions
 1.  There is no implementation steps for this policy.
-
-
-## 19. Attachment Compliance Filtering
-
-This section determines whether attachments are filtered based on file type, file name, and message size. The compliance actions based upon the word lists are reject, quarantine, or deliver with modifications.
-
-A Google Workspace solution is not strictly required to satisfy this baseline control, but the solution selected by an agency should offer services comparable to those offered by Google.
-
-### Policies
-
-#### GWS.GMAIL.19.1v0.1
-Attachment compliance SHOULD be enabled to filter specific attachments within Gmail messages.
-
-- Rationale
-  - This allows filtering of confidential/sensitive information from Gmail messages stored within specific file attachments to help prevent unauthorized or accidental sharing.
-- Last Modified: July 10, 2023
-
-- MITRE ATT&CK TTP Mapping
-  - [T1566: Phishing](https://attack.mitre.org/techniques/T1566/)
-    - [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
-  - [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
-    - [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
-
-#### GWS.GMAIL.19.2v0.1
-The attachment filter SHOULD attempt to determine the true file type and assess the file extension.
-
-- Rationale
-  - This allows filtering of confidential/sensitive information from Gmail messages stored within specific file attachments to help prevent unauthorized or accidental sharing.
-- Last Modified: July 10, 2023
-
-- MITRE ATT&CK TTP Mapping
-  - [T1566: Phishing](https://attack.mitre.org/techniques/T1566/)
-    - [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
-  - [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
-    - [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
-
-#### GWS.GMAIL.19.3v0.1
-The set of disallowed file types SHALL be determined.
-
-- Rationale
-  - This allows filtering of confidential/sensitive information from Gmail messages stored within specific file attachments to help prevent unauthorized or accidental sharing. This also helps protect the organization from attacks based on specific file types.
-- Last Modified: July 10, 2023
-
-- MITRE ATT&CK TTP Mapping
-  - [T1566: Phishing](https://attack.mitre.org/techniques/T1566/)
-    - [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
-  - [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
-    - [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
-
-#### GWS.GMAIL.19.4v0.1
-Any third-party or outside application selected for attachment compliance filtering SHOULD offer services comparable to those offered by Google Workspace.
-
-- Rationale
-  - A third-party system should provide the same minimum functionality provided by Google.
-- Last Modified: July 10, 2023
-
-- MITRE ATT&CK TTP Mapping
-  - [T1566: Phishing](https://attack.mitre.org/techniques/T1566/)
-    - [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
-  - [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
-    - [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
-
-### Resources
-
--   [Google Workspace Admin Help: Content filtering with rules](https://support.google.com/a/topic/9974692?hl=en&ref_topic=2683824)
-
-### Prerequisites
-
--   N/A
-
-### Implementation
-
-To configure the settings for Attachment Compliance:
-
-#### GWS.GMAIL.19.1v0.1 Instructions
-1.  Sign in to the [Google Admin Console](https://admin.google.com).
-2.  Select **Apps -\> Google Workspace -\> Gmail**.
-3.  Select **Compliance -\> Attachment compliance**.
-4.  If **Attachment compliance** filtering is enabled, then the configuration needs to be completed and consists of the following fields:
-    1.  A short description.
-    2.  Email messages to affect.
-    3.  Expressions for content to search for in messages.
-    4.  Compliance action options.
-5.  Select **Save**.
-
-#### GWS.GMAIL.19.2v0.1 Instructions
-1.  There is no implementation steps for this policy
-
-#### GWS.GMAIL.19.3v0.1 Instructions
-1.  There is no implementation steps for this policy
-
-#### GWS.GMAIL.19.4v0.1 Instructions
-1.  There is no implementation steps for this policy
diff --git a/drift-rules/GWS Drift Monitoring Rules - Gmail.csv b/drift-rules/GWS Drift Monitoring Rules - Gmail.csv
@@ -51,7 +51,3 @@ GWS.GMAIL.17.1v0.1,Comprehensive mail storage SHOULD be enabled to ensure inform
 GWS.GMAIL.18.1v0.1,Content filtering SHOULD be enabled within Gmail messages.,N/A,N/A,N/A,N/A,N/A,Not Alertable
 GWS.GMAIL.18.2v0.1,Any third-party or outside application selected for advanced email content filtering SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
 GWS.GMAIL.18.3v0.1,"Gmail or third-party applications SHALL be configured to protect PII and sensitive information as defined by the agency. At a minimum, credit card numbers, taxpayer Identification Numbers (TIN), and Social Security Numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable
-GWS.GMAIL.19.1v0.1,Attachment compliance SHOULD be enabled to filter specific attachments within Gmail messages.,N/A,N/A,N/A,N/A,N/A,Not Alertable
-GWS.GMAIL.19.2v0.1,The attachment filter SHOULD attempt to determine the true file type and assess the file extension.,N/A,N/A,N/A,N/A,N/A,Not Alertable
-GWS.GMAIL.19.3v0.1,The set of disallowed file types SHALL be determined.,N/A,N/A,N/A,N/A,N/A,Not Alertable
-GWS.GMAIL.19.4v0.1,Any third-party or outside application selected for attachment compliance filtering SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
diff --git a/rego/Gmail.rego b/rego/Gmail.rego
@@ -1698,24 +1698,4 @@ tests contains {
     "RequirementMet": false,
     "NoSuchEvent": false
 }
-#--
-
-
-################
-# GWS.GMAIL.19 #
-################
-
-#
-# Baseline GWS.GMAIL.19.1v0.1
-#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console
-# and not available within the generated logs
-tests contains {
-    "PolicyId": "GWS.GMAIL.19.1v0.1",
-    "Criticality": "Should/Not-Implemented",
-    "ReportDetails": "Currently not able to be tested automatically; please manually check.",
-    "ActualValue": "",
-    "RequirementMet": false,
-    "NoSuchEvent": false
-}
 #--