Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removed 1.2 and 3.2 from the Calendar Baseline per Issue 133 #134

Merged
merged 15 commits into from
Jan 17, 2024
Merged

Removed 1.2 and 3.2 from the Calendar Baseline per Issue 133 #134

merged 15 commits into from
Jan 17, 2024

Conversation

jkaufman-mitre
Copy link
Collaborator

@jkaufman-mitre jkaufman-mitre commented Jan 4, 2024
edited
Loading

Removed the following policies from the Calendar baseline:

  • CALENDAR.1.2v0.1
  • CALENDAR.3.2v0.1

Fixes #133

@jkaufman-mitre jkaufman-mitre self-assigned this Jan 4, 2024
@tmcomeau
Copy link
Collaborator

tmcomeau commented Jan 4, 2024

Removed the following policies from the Calendar baseline:

* CALENDAR.1.2v0.1

* CALENDAR.3.2v0.1

After initial review of @adhilto comments these are being recommended for removal. Not only do we concur with the comment regarding this being confusing, but there is also overlap with 1.1 and 3.1, respectively. Lastly, there are is no separate admin control for either 1.2 or 3.2 which makes this more of a general recommendation and not a configuration item for a secure configuration baseline.

tmcomeau
tmcomeau requested changes Jan 4, 2024
View reviewed changes
Copy link
Collaborator

@tmcomeau tmcomeau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't forget to also remove the implementation steps for GWS.CALENDAR.1.2v0.1 and GWS.CALENDAR.3.2v0.1. It looks like this PR only removes the policies.

@jkaufman-mitre jkaufman-mitre requested a review from adhilto January 5, 2024 16:52
@jkaufman-mitre
Copy link
Collaborator Author

Removed the implementation steps for removed policies and fixed the drift rules file.

@tmcomeau
Copy link
Collaborator

tmcomeau commented Jan 5, 2024

This one has code impact (policy removal). Does it make sense to also address the code changes via this branch/PR and then once the reviewers are happy with both the content/code changes we can tag in @mitchelbaker-cisa for final review so he doesn't have to watch the previous reviews and go-backs etc?

@jkaufman-mitre jkaufman-mitre changed the title Addresses comments in issue 133 Removed 1.2 and 3.2 from the Calendar Baseline per Issue 133 Jan 8, 2024
@adhilto
Copy link
Collaborator

adhilto commented Jan 8, 2024

This one has code impact (policy removal). Does it make sense to also address the code changes via this branch/PR and then once the reviewers are happy with both the content/code changes we can tag in @mitchelbaker-cisa for final review so he doesn't have to watch the previous reviews and go-backs etc?

Yes Tommy, I like that approach. Once #141 is merged in I'll make the needed code changes to this branch. I'll mark this as blocked until then.

@adhilto adhilto added the blocked This issue or pull request is awaiting the outcome of another issue or pull request label Jan 8, 2024
@adhilto
Copy link
Collaborator

adhilto commented Jan 8, 2024

@jkaufman-mitre What do you think about putting GWS.CALENDAR.1.1 and GWS.CALENDAR.3.1 into the same group? They're both related and that would prevent two singleton groups.

Something like this:

  1. External Sharing Options
    GWS.CALENDAR.1.1 External Sharing Options for Primary Calendars SHALL be configured to "Only free/busy information (hide event details)"
    GWS.CALENDAR.1.2 External sharing options for secondary calendars SHALL be configured to "Only free/busy information (hide event details)"

@adhilto adhilto mentioned this pull request Jan 9, 2024
Merged
@adhilto adhilto removed the request for review from buidav January 9, 2024 00:24
@adhilto adhilto changed the base branch from main to 124-feedback-no-guifront-end-availability-solution January 16, 2024 01:31
@adhilto adhilto changed the base branch from 124-feedback-no-guifront-end-availability-solution to main January 16, 2024 01:31
@adhilto adhilto removed the blocked This issue or pull request is awaiting the outcome of another issue or pull request label Jan 16, 2024
@adhilto
Copy link
Collaborator

adhilto commented Jan 16, 2024

I just added the needed rego changes. @jkaufman-mitre did you see my earlier comment about putting 1.1 and 3.1 into the same group? I'll hold off on finishing my review until I hear back about that.

@jkaufman-mitre
Copy link
Collaborator Author

@adhilto I will merge the two together.

@jkaufman-mitre
Copy link
Collaborator Author

@adhilto Just made the changes to merge the two groups.

adhilto
adhilto requested changes Jan 16, 2024
View reviewed changes
Copy link
Collaborator

@adhilto adhilto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update. Just one more thing, don't forget to update the table of contents to reflect merging the two calendar sharing options groups together.

@jkaufman-mitre
Copy link
Collaborator Author

@adhilto Just fixed the TOC.

@adhilto
Copy link
Collaborator

adhilto commented Jan 17, 2024

@adhilto Just fixed the TOC.

It looks like it might not have pushed correctly, because I'm not seeing the changes on this branch yet.

@adhilto adhilto merged commit b821271 into main Jan 17, 2024
2 checks passed
@buidav buidav deleted the calendar-changes-2 branch January 30, 2024 02:33
@adhilto adhilto added this to the TBD 0.2 Milestone milestone Feb 21, 2024
@mitchelbaker-cisa mitchelbaker-cisa mentioned this pull request Apr 1, 2024
Closed
23 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adhilto adhilto adhilto approved these changes

@tmcomeau tmcomeau tmcomeau approved these changes

@LaurenBassett LaurenBassett LaurenBassett approved these changes

Assignees

@jkaufman-mitre jkaufman-mitre

Labels
Baseline Revision High
Projects
None yet
Milestone
Barracuda
Development

Successfully merging this pull request may close these issues.

Remove CALENDAR.1.2 and CALENDAR.3.2
4 participants
@jkaufman-mitre @tmcomeau @adhilto @LaurenBassett