MS.EXO.6.2v1 - Calendar details SHALL NOT be shared with all domains.

Information

Calendar details may contain information that should not be shared by default with all domains. Disabling sharing with all domains closes an avenue for data exfiltration while still allowing for legitimate use as needed.

Solution

To restrict sharing calendar details with all domains:

1. Refer to step 5 in [MS.EXO.6.1v1 Instructions](#msexo61v1-instructions) to implement
this policy.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-6, 800-53|AC-16, 800-53|AC-20, 800-53|AC-23, 800-53|CA-3, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|SA-8, 800-53|SA-9, 800-53|SC-7, 800-53|SC-28, 800-53|SC-31, 800-53|SI-3, 800-53|SI-4, 800-53|SI-10, 800-53|SI-15

Plugin: microsoft_azure

Control ID: 99b0e61827bdb82fb3e057ac771d69d8d037e9661794c31bfd02be888ce9aef3