800-53|SI-15

Title

INFORMATION OUTPUT FILTERING

Description

The information system validates information output from [Assignment: organization-defined software programs and/or applications] to ensure that the information is consistent with the expected content.

Supplemental

Certain types of cyber attacks (e.g., SQL injections) produce output results that are unexpected or inconsistent with the output results that would normally be expected from software programs or applications. This control enhancement focuses on detecting extraneous content, preventing such extraneous content from being displayed, and alerting monitoring tools that anomalous behavior has been discovered.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SI-3,SI-4

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.2v1 - The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.3v1 - The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.5v1 - A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.DEFENDER.4.6v1 - The custom policy SHOULD include an action to block access to sensitive	microsoft_azure	CISA SCuBA Microsoft 365 Defender v1.5.0
MS.EXO.1.1v1 - Automatic forwarding to external domains SHALL be disabled.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.6.1v1 - Contact folders SHALL NOT be shared with all domains.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.6.2v1 - Calendar details SHALL NOT be shared with all domains.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.1v2 - A DLP solution SHALL be used.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.2v2 - The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.3v1 - The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.EXO.8.4v1 - At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.	microsoft_azure	CISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.POWERPLATFORM.1.1v1 - The ability to create production and sandbox environments SHALL be restricted to admins.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.POWERPLATFORM.2.1v1 - A DLP policy SHALL be created to restrict connector access in the default Power Platform environment.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.POWERPLATFORM.2.2v1 - Non-default environments SHOULD have at least one DLP policy affecting them.	microsoft_azure	CISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.2.1v1 - File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies).	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.SHAREPOINT.3.1v1 - Expiration days for Anyone links SHALL be set to 30 days or less.	microsoft_azure	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0
MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.	microsoft_azure	CISA SCuBA Microsoft 365 Teams v1.5.0
MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII)	microsoft_azure	CISA SCuBA Microsoft 365 Teams v1.5.0

Detections

Analytics