MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.

Information

By limiting sharing to domains or approved security groups used for interagency collaboration purposes, administrators help prevent sharing with unknown organizations and individuals.

Solution

Note: If SharePoint external sharing is set to its most restrictive setting of "Only people in your organization", then no external sharing is allowed and no implementation changes are required for this policy item.

1. Sign in to the SharePoint admin center.

2. Select Policies \> Sharing.

3. Expand More external sharing settings.

4. Select Limit external sharing by domain.

5. Select Add domains.

6. Add each approved external domain users are allowed to share files with.

7. Select Manage security groups

8. Add each approved security group. Members of these groups will be allowed to share files externally.

9. Select Save.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-4, 800-53|AC-5, 800-53|AC-6, 800-53|AC-7, 800-53|AC-16, 800-53|AC-17, 800-53|AC-18, 800-53|AC-19, 800-53|AC-20, 800-53|AC-21, 800-53|AC-23, 800-53|CA-3, 800-53|CA-7, 800-53|CA-8, 800-53|CM-2, 800-53|CM-3, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|CM-8, 800-53|IA-2, 800-53|IA-3, 800-53|IA-4, 800-53|IA-5, 800-53|IA-6, 800-53|IA-8, 800-53|RA-5, 800-53|SA-8, 800-53|SA-9, 800-53|SC-4, 800-53|SC-7, 800-53|SC-28, 800-53|SC-31, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7, 800-53|SI-10, 800-53|SI-12, 800-53|SI-15

Plugin: microsoft_azure

Control ID: 27bdaa301b2e6a2009a327378f503d90dd21678785824dc80b5fa464d6ea49e6