Drive_Docs Changes to 1.6 and 6.1 #311

Merged
merged 13 commits into from
Jul 30, 2024

jkaufman-mitre
Collaborator

@jkaufman-mitre jkaufman-mitre commented Jun 7, 2024

🗣 Description

The following changes were made to the Drive_Docs baselines:

  • Adjusted Drive_Docs 1.6 to not allow agencies to set access checker to public
  • Adjusted Drive_Docs 6.1 to say that agencies SHOULD set Drive for Desktop to authorized devices only
  • Added the changes to DRIVEDOCS.3.1v0.2

💭 Motivation and context

Closes #142.
Closes #289.
Closes #302.
Closes #313.

🧪 Testing

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • If applicable, all future TODOs are captured in issues, which are referenced in the PR description.
  • The relevant issues this PR resolves are linked, preferably via closing keywords.
  • All relevant type-of-change labels have been added.
  • I have read and agree to the CONTRIBUTING.md document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge Checklist

  • This PR has been smoke tested to ensure main is in a functional state when this PR is merged.
  • Squash all commits into one PR level commit using the Squash and merge button.

✅ Post-merge Checklist

  • Delete the branch to clean up.
  • Close issues resolved by this PR if the closing keywords did not activate.

@adhilto adhilto modified the milestones: Backlog, Coast Jun 19, 2024
@jkaufman-mitre
Collaborator Author

Added the changes to DRIVEDOCS.3.1v0.2 into this PR. Fixes #313

@adhilto
Collaborator

adhilto commented Jun 20, 2024

Added the changes to DRIVEDOCS.3.1v0.2 into this PR. Fixes #313

@jkaufman-mitre with regard to #313, please also:

  • Clarify the rationale. The current rationale was written through the lens that this setting would apply future security updates as Google releases them.
  • Swap out the link that's currently in the resources section for the one I pasted in Clarify GWS.DRIVEDOCS.3.1v0.2 #313, or another one as you see fit. The current one doesn't work ("Sorry, this page can't be found.")

@jkaufman-mitre jkaufman-mitre requested a review from adhilto July 9, 2024 19:20
@jkaufman-mitre
Collaborator Author

@adhilto Just addressed your changes. Please review.

Collaborator

@adhilto adhilto left a comment

Thanks for these changes. A few more comments:

@bnewlin-MITRE

By not enabling the resource key security update it creates the potential for an unauthorized access to files. Enabling this security update mitigates the risk by ensuring access is controlled properly.

I feel like this is worded vaguely, and there could be a better way to explain what the benefits of the setting entail.

@mdueltgen
Collaborator

I updated the rationale statement for 3.1. Requesting review

@mdueltgen mdueltgen requested a review from adhilto July 24, 2024 20:23
@mdueltgen mdueltgen self-assigned this Jul 24, 2024
@adhilto adhilto force-pushed the drive-docs-changes-0.2 branch from b7cc30d to 5830660 Compare July 25, 2024 16:03
Collaborator

@adhilto adhilto left a comment

Baseline looks good and I've implemented the needed changes in the Rego. Just one minor comment about the drift rule, but I'm going to go ahead and approve.

@adhilto adhilto merged commit 60f8fbf into main Jul 30, 2024
4 checks passed
@adhilto adhilto deleted the drive-docs-changes-0.2 branch July 30, 2024 17:07