Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wording Changes for Calendar Baseline per Issue 135 #136

Merged
merged 5 commits into from
Jan 17, 2024
Merged

Wording Changes for Calendar Baseline per Issue 135 #136

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
1167b8e
Addresses issues in 135
jkaufman-mitre Jan 5, 2024
be6dee8
Update baselines/Google Calendar Minimum Viable Secure Configuration …
jkaufman-mitre Jan 5, 2024
f705559
Update baselines/Google Calendar Minimum Viable Secure Configuration …
jkaufman-mitre Jan 5, 2024
72cd232
Update baselines/Google Calendar Minimum Viable Secure Configuration …
jkaufman-mitre Jan 5, 2024
32801aa
Merge branch 'main' into calendar-changes-1
adhilto Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions baselines/Google Calendar Minimum Viable Secure Configuration Baseline v0.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ This section determines what information is shared from calendars with external
### Policies

#### GWS.CALENDAR.1.1v0.1
External Sharing Options for Primary Calendars SHALL be configured to "Only free/busy information (hide event details)" to restrict information sharing and prevent data leakage.
External Sharing Options for Primary Calendars SHALL be configured to "Only free/busy information (hide event details)."

- Rationale
- Prevent data leakage by restricting the amount of information that is externally viewable when a user shares their calendar with someone external to your organization.
Expand All @@ -46,7 +46,7 @@ External Sharing Options for Primary Calendars SHALL be configured to "Only free
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.CALENDAR.1.2v0.1
External sharing options for secondary calendars SHALL be configured to "Only free/busy information (hide event details)" to restrict information sharing and prevent data leakage.
External sharing options for secondary calendars SHALL be configured to "Only free/busy information (hide event details)."

- Rationale
- Prevent data leakage by restricting the amount of information that is externally viewable when a user shares their calendar with someone external to your organization.
Expand Down Expand Up @@ -135,11 +135,13 @@ Due to the added complexity and attack surface associated with configuring Calen
### Policies

#### GWS.CALENDAR.3.1v0.1
Calendar Interop SHOULD be disabled unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar.
Calendar Interop SHOULD be disabled.

- Rationale
- Prevent information exchange between Microsoft and Google calendars for users using both services, unless it is required by the organization.
- Minimize attack surface by not enabling this feature which relies on Exchange Web Services for information exchange between Microsoft and Google calendars, unless required by the organization.
- Last Modified: July 10, 2023
- Notes
- This policy applies unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
Expand Down