Wording Changes for Calendar Baseline per Issue 135 (#136)
* Move policy qualifiers and reasoning to the rationale and notes sections as appropriate.

---------

Co-authored-by: Thomas Comeau (MITRE) <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>
3 people authored Jan 17, 2024
1 parent b821271 commit a3a7b06
Showing 1 changed file with 6 additions and 4 deletions.
Expand Up @@ -36,7 +36,7 @@ This section determines what information is shared from calendars with external
### Policies

#### GWS.CALENDAR.1.1v0.1
External Sharing Options for Primary Calendars SHALL be configured to "Only free/busy information (hide event details)" to restrict information sharing and prevent data leakage.
External Sharing Options for Primary Calendars SHALL be configured to "Only free/busy information (hide event details)."

- Rationale
- Prevent data leakage by restricting the amount of information that is externally viewable when a user shares their calendar with someone external to your organization.
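Review bot: In the shortened GWS.CALENDAR.1.1v0.1 statement, the sentence period now sits inside the closing quotation mark of the setting name ("...(hide event details)."), so the quoted string no longer matches the option label exactly. Consider placing the period after the closing quote so the quoted text is the literal admin console value. The reason for the control is still carried by the Rationale bullet, so nothing is lost by dropping the trailing clause.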
Expand All @@ -46,7 +46,7 @@ External Sharing Options for Primary Calendars SHALL be configured to "Only free
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.CALENDAR.1.2v0.1
External sharing options for secondary calendars SHALL be configured to "Only free/busy information (hide event details)" to restrict information sharing and prevent data leakage.
External sharing options for secondary calendars SHALL be configured to "Only free/busy information (hide event details)."

- Rationale
- Prevent data leakage by restricting the amount of information that is externally viewable when a user shares their calendar with someone external to your organization.
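Review bot: The GWS.CALENDAR.1.2v0.1 statement uses sentence case ("External sharing options for secondary calendars") while the parallel 1.1 statement uses title case ("External Sharing Options for Primary Calendars"). Since both lines are being reworded in this change, it would be a good moment to align the capitalization with whichever form matches the setting name. The period inside the quoted option value applies here as well.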
Expand Down Expand Up @@ -135,11 +135,13 @@ Due to the added complexity and attack surface associated with configuring Calen
### Policies

#### GWS.CALENDAR.3.1v0.1
Calendar Interop SHOULD be disabled unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar.
Calendar Interop SHOULD be disabled.

- Rationale
- Prevent information exchange between Microsoft and Google calendars for users using both services, unless it is required by the organization.
- Minimize attack surface by not enabling this feature which relies on Exchange Web Services for information exchange between Microsoft and Google calendars, unless required by the organization.
- Last Modified: July 10, 2023
- Notes
- This policy applies unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
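Review bot: The "Last Modified: July 10, 2023" line under GWS.CALENDAR.3.1v0.1 is unchanged although this commit, dated Jan 17, 2024, rewrites the policy statement and adds a Notes entry; update the date if the baseline tracks wording changes there. The exception is also stated twice, once at the end of the rationale bullet ("unless required by the organization") and again in the Notes bullet, so consider keeping it only in Notes. The Notes bullet is missing its terminal period.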