Detections
Analytics
CISA SCuBA Microsoft 365 Teams v1.5.0
Audit Details
Name: CISA SCuBA Microsoft 365 Teams v1.5.0
Updated: 3/22/2025
Authority: TNS
Plugin: microsoft_azure
Revision: 1.0
Estimated Item Count: 21
File Details
Filename: CISA_SCuBA_M365_Teams_v1.5.0.audit
Size: 88.5 kB
Audit Items
| Description | Categories |
|---|---|
| MS.TEAMS.1.1v1 - External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.2v1 - Anonymous users SHALL NOT be enabled to start meetings. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.1.3v1 - Anonymous users and dial-in callers SHOULD NOT be admitted automatically. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.4v1 - Internal users SHOULD be admitted automatically. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.5v1 - Dial-in users SHOULD NOT be enabled to bypass the lobby. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.6v1 - Meeting recording SHOULD be disabled. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.7v1 - Record an event SHOULD be set to Organizer can record. | CONFIGURATION MANAGEMENT |
| MS.TEAMS.2.1v1 - External access for users SHALL only be enabled on a per-domain basis. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.2.2v1 - Unmanaged users SHALL NOT be enabled to initiate contact with internal users. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.2.3v1 - Internal users SHOULD NOT be enabled to initiate contact with unmanaged users. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.3.1v1 - Contact with Skype users SHALL be blocked. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.4.1v1 - Teams email integration SHALL be disabled. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.5.1v1 - Agencies SHOULD only allow installation of Microsoft apps approved by the agency. | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.5.2v1 - Agencies SHOULD only allow installation of third-party apps approved by the agency. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.5.3v1 - Agencies SHOULD only allow installation of custom apps approved by the agency. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII) | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.7.1v1 - Attachments included with Teams messages SHOULD be scanned for malware. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.7.2v1 - Users SHOULD be prevented from opening or downloading files detected as malware. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.1v1 - URL comparison with a blocklist SHOULD be enabled. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.2v1 - User click tracking SHOULD be enabled. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |