Detections
Analytics

CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0

Audit Details

Name: CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0

Updated: 3/22/2025

Authority: TNS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 9

File Details

Filename: CISA_SCuBA_M365_SharePoint_Online_OneDrive_v1.5.0.audit

Size: 74.6 kB

MD5: 624eb811005c2b65327eeec8090e42bd
SHA256: 783547d59ae8c83cfd4ff68f0950151ae03904aef8d3c38774eebfc37021155a

Audit Items

DescriptionCategories
MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.2.1v1 - File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies).

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.2.2v1 - File and folder default sharing permissions SHALL be set to View.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.1v1 - Expiration days for Anyone links SHALL be set to 30 days or less.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.2v1 - The allowable file and folder permissions for links SHALL be set to View only.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.3v1 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY