Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Gmail 10.2 MAY Policy as a note to 10.1 #580

Merged
merged 3 commits into from
Jan 31, 2025
Merged

Adding Gmail 10.2 MAY Policy as a note to 10.1 #580

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b90b034
Update GWS Drift Monitoring Rules - Gmail.csv
bnewlin-MITRE Jan 28, 2025
24dde12
Update gmail.md
bnewlin-MITRE Jan 28, 2025
7ad2cfc
added 10.2 as a note for 10.1
mdueltgen Jan 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion drift-rules/GWS Drift Monitoring Rules - Gmail.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ GWS.GMAIL.8.1v0.3,User email uploads SHALL be disabled to protect against unauth
GWS.GMAIL.9.1v0.3(a),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,IMAP_ACCESS,DISABLED,rules/00gjdgxs3ynriy0,JK 07-31-23 @ 11:07
GWS.GMAIL.9.1v0.3(b),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,ENABLE_POP_ACCESS,false,rules/00gjdgxs16dhzcn,JK 07-31-23 @ 11:07
GWS.GMAIL.10.1v0.3,Google Workspace Sync SHOULD be disabled.,Admin Log Event,Change Email Setting,ENABLE_OUTLOOK_SYNC,false,rules/00gjdgxs2caikn5,JK 07-31-23 @ 11:39
GWS.GMAIL.10.2v0.3,Google Workspace Sync MAY be enabled on a per-user basis as needed.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.11.1v0.3,"Automatic forwarding SHOULD be disabled, especially to external domains.",Admin Log Event,Change Email Setting,ENABLE_EMAIL_AUTOFORWARDING,false,rules/00gjdgxs3bfgdir,JK 07-31-23 @ 11:50
GWS.GMAIL.12.1v0.3,Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers SHALL be disabled.,Admin Log Event,Change Email Setting,OUTBOUND_RELAY_ENABLED,false,rules/00gjdgxs0wkcpwf,JK 07-31-23 @ 11:38
GWS.GMAIL.13.1v0.3,Unintended external reply warnings SHALL be enabled,Admin Log Event,Change Application Setting,OutOfDomainWarningProto disable_untrusted_recipient_warning,true,rules/00gjdgxs0o6v2pe,JK 07-31-23 @ 13:56
Expand Down
27 changes: 4 additions & 23 deletions scubagoggles/baselines/gmail.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,20 +738,7 @@ Google Workspace Sync SHOULD be disabled.

- _Rationale:_ Enabling Google Workspace Sync could potentially expose sensitive agency or organization data to unauthorized access or loss, posing a security risk. By disabling Google Workspace Sync, this risk can be reduced, enhancing the safety and integrity of user data and systems.
- _Last modified:_ July 10, 2023

- MITRE ATT&CK TTP Mapping
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:001: Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/001/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1048:003: Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/003/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1199: Trusted Relationship](https://attack.mitre.org/techniques/T1199/)

#### GWS.GMAIL.10.2v0.3
Google Workspace Sync MAY be enabled on a per-user basis as needed.

- _Rationale:_ Enabling Google Workspace Sync indiscriminately could potentially expose sensitive agency or organization data to unauthorized access or loss, posing a security risk. By only allowing Google Workspace Sync on a per-user basis as needed, this risk can be reduced, ensuring the safety and integrity of user data and systems.
- _Last modified:_ July 10, 2023
- _Note:_ Google Workspace Sync May be enabled on a per-user basis as needed.

- MITRE ATT&CK TTP Mapping
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
Expand All @@ -773,18 +760,12 @@ Google Workspace Sync MAY be enabled on a per-user basis as needed.

To configure the settings for Google Workspace Sync:

#### Policy Group 10 Common Instructions
#### GWS.GMAIL.10.1v0.3 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> Google Workspace Sync**.

#### GWS.GMAIL.10.1v0.3 Instructions
1. Uncheck the **Enable Google Workspace Sync for Microsoft Outlook for my users** checkbox.
2. Select **Save**.

#### GWS.GMAIL.10.2v0.3 Instructions
1. There is no implementation steps for this policy.
2. Select **Save**.
4. Uncheck the **Enable Google Workspace Sync for Microsoft Outlook for my users** checkbox.
5. Select **Save**.


## 11. Automatic Forwarding
Expand Down
Loading