MS.EXO.6.1v1 - Contact folders SHALL NOT be shared with all domains.

Information

Contact folders may contain information that should not be shared by default with all domains. Disabling sharing with all domains closes an avenue for data exfiltration while still allowing for specific legitimate use as needed.

Solution

To restrict sharing with all domains:

1. Sign in to the Exchange admin center.

2. On the left-hand pane under Organization, select Sharing.

3. Select Individual Sharing.

4. For all existing policies, select the policy, then select Manage domains.

5. For all sharing rules under all existing policies, ensure Sharing with all domains is not selected.
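
The same check can be scripted for review across every policy at once. The following is an added example, not part of the original audit item or of ScubaGear: the function name Find-ContactsSharedWithAllDomains and the sample policies are constructed for illustration, and it assumes each Domains entry renders as "<domain>:<action>[, <action>]", the format the Domains parameter of New-SharingPolicy and Set-SharingPolicy accepts.

```powershell
# Added example: flag sharing-policy rules that share contact folders with all domains.
# Assumption: each Domains entry renders as "<domain>:<action>[, <action>...]".

function Find-ContactsSharedWithAllDomains {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $Policy
    )
    process {
        foreach ($p in $Policy) {
            foreach ($entry in $p.Domains) {
                # Split on the first colon only: "<domain>:<actions>"
                $domain, $actions = ([string]$entry) -split ':', 2
                if ($null -eq $actions) { continue }   # malformed entry, nothing to evaluate
                $actionList = $actions -split ',' | ForEach-Object { $_.Trim() }
                # "*" is the all-domains wildcard; ContactsSharing is the contact-folder action
                if ($domain.Trim() -eq '*' -and $actionList -contains 'ContactsSharing') {
                    [pscustomobject]@{
                        Policy  = $p.Name
                        Enabled = $p.Enabled
                        Rule    = [string]$entry
                    }
                }
            }
        }
    }
}

# Constructed sample data standing in for Get-SharingPolicy output.
$sample = @(
    [pscustomobject]@{ Name = 'Default Sharing Policy'; Enabled = $true
        Domains = @('Anonymous:CalendarSharingFreeBusyReviewer', '*:CalendarSharingFreeBusySimple') }
    [pscustomobject]@{ Name = 'Partners'; Enabled = $true
        Domains = @('partner.example:CalendarSharingFreeBusyDetail, ContactsSharing') }
    [pscustomobject]@{ Name = 'Legacy'; Enabled = $true
        Domains = @('*:CalendarSharingFreeBusyDetail, ContactsSharing') }
)

$sample | Find-ContactsSharedWithAllDomains | Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
#   Get-SharingPolicy | Find-ContactsSharedWithAllDomains
```

Any row returned identifies a policy and rule to correct through steps 4 and 5 above; a specific partner domain with ContactsSharing is not reported, since the control only prohibits the all-domains wildcard.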

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-16, 800-53|AC-20, 800-53|AC-23, 800-53|CA-3, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|SA-8, 800-53|SA-9, 800-53|SC-7, 800-53|SC-28, 800-53|SC-31, 800-53|SI-3, 800-53|SI-4, 800-53|SI-10, 800-53|SI-15

Plugin: microsoft_azure

Control ID: 358e253d817fdcfeb47e8b0ea86ad062f112eaa861fe5da2bd36997579608393