change baseline .md's to use reference links (#494) #1444

Open: wants to merge 1 commit into base: main
348 changes: 217 additions & 131 deletions PowerShell/ScubaGear/baselines/aad.md


329 changes: 214 additions & 115 deletions PowerShell/ScubaGear/baselines/defender.md


519 changes: 330 additions & 189 deletions PowerShell/ScubaGear/baselines/exo.md


258 changes: 182 additions & 76 deletions PowerShell/ScubaGear/baselines/powerbi.md


125 changes: 86 additions & 39 deletions PowerShell/ScubaGear/baselines/powerplatform.md


25 changes: 17 additions & 8 deletions PowerShell/ScubaGear/baselines/removedpolicies.md
Expand Up @@ -12,17 +12,17 @@ For non-Federal users, the information in this document is being provided “as
> This document is marked TLP:CLEAR. Recipients may share this information without restriction. Information is subject to standard copyright rules. For more information on the Traffic Light Protocol, see https://www.cisa.gov/tlp.

## Key Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119][].

Additional terminology in this document specific to their respective SCBs are to be interpreted as described in the following:

1. [AAD](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/aad.md#key-terminology)
2. [Defender](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/defender.md#key-terminology)
3. [Exo](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/exo.md#key-terminology)
4. [Power BI](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/powerbi.md#key-terminology)
5. [PowerPlatform](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/powerplatform.md#key-terminology)
6. [SharePoint](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/sharepoint.md#key-terminology)
7. [Teams](https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/teams.md#key-terminology)
1. [AAD][]
2. [Defender][]
3. [Exo][]
4. [Power BI][]
5. [PowerPlatform][]
6. [SharePoint][]
7. [Teams][]

# Azure Active Directory / Entra ID

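Review bot: the collapsed reference links `[RFC 2119][]` and `[AAD][]` through `[Teams][]` on lines 64 and 75-81 only resolve because matching definitions are appended at the bottom of this file in the second hunk, and a reference link with no matching definition fails silently (the reader sees the literal text `[AAD][]` rather than a link, with no rendering error). Since the label is also the visible text, any later wording change to a list item must be mirrored in the definition; a markdown link checker in CI would catch that class of regression, which the inline form never had.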
Expand Down Expand Up @@ -66,3 +66,12 @@ Users SHALL be prevented from running custom scripts on personal sites (aka OneD
- _Removal date:_ July 2024
- _Removal rationale:_ The option to enable and disable custom scripting on personal sites (aka OneDrive) found in policy MS.SHAREPOINT.4.1v1 has been deprecated by Microsoft. All references including the policy and its implementation steps have been removed as the setting is no longer present. Furthermore, it is no longer possible to allow custom scripts on personal sites.


[RFC 2119]: https://datatracker.ietf.org/doc/html/rfc2119
[AAD]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/aad.md#key-terminology
[Defender]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/defender.md#key-terminology
[Exo]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/exo.md#key-terminology
[Power BI]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/powerbi.md#key-terminology
[PowerPlatform]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/powerplatform.md#key-terminology
[SharePoint]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/sharepoint.md#key-terminology
[Teams]: https://github.com/cisagov/ScubaGear/blob/main/PowerShell/ScubaGear/baselines/teams.md#key-terminology
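Review bot: there are two consecutive blank lines (lines 88-89) between the last removed-policy entry and the new definition block; one is enough to separate them, and the existing file uses single blank lines elsewhere. Because the definitions now sit after the last policy entry, any future removed-policy entry has to be inserted above this block rather than appended to the end of the file, which is worth a one-line comment or a short heading so contributors do not append below it.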
109 changes: 66 additions & 43 deletions PowerShell/ScubaGear/baselines/sharepoint.md
Expand Up @@ -13,13 +13,13 @@ For non-Federal users, the information in this document is being provided “as

## License Compliance and Copyright

Portions of this document are adapted from documents in Microsoft’s [M365](https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/LICENSE) and [Azure](https://github.com/MicrosoftDocs/azure-docs/blob/main/LICENSE) GitHub repositories. The respective documents are subject to copyright and are adapted under the terms of the Creative Commons Attribution 4.0 International license. Source are linked throughout this document. The United States government has adapted selections of these documents to develop innovative and scalable configuration standards to strengthen the security of widely used cloud-based software services.
Portions of this document are adapted from documents in Microsoft’s [M365][] and [Azure][] GitHub repositories. The respective documents are subject to copyright and are adapted under the terms of the Creative Commons Attribution 4.0 International license. Source are linked throughout this document. The United States government has adapted selections of these documents to develop innovative and scalable configuration standards to strengthen the security of widely used cloud-based software services.

## Assumptions
The **License Requirements** sections of this document assume the organization is using an [M365 E3](https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans) or [G3](https://www.microsoft.com/en-us/microsoft-365/government) license level at a minimum. Therefore, only licenses not included in E3/G3 are listed.
The **License Requirements** sections of this document assume the organization is using an [M365 E3][] or [G3][] license level at a minimum. Therefore, only licenses not included in E3/G3 are listed.

## Key Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119][].

# Baseline Policies

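Review bot: line 105 is being rewritten anyway, so "Source are linked throughout this document." should become "Sources are linked throughout this document." in the same change rather than leaving the grammatical error in the touched line.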
Expand All @@ -36,9 +36,9 @@ External sharing for SharePoint SHALL be limited to Existing guests or Only peop
- _Rationale:_ Sharing information outside the organization via SharePoint increases the risk of unauthorized access. By limiting external sharing, administrators decrease the risk of access to information.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]

#### MS.SHAREPOINT.1.2v1
External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.
Expand All @@ -47,10 +47,10 @@ External sharing for OneDrive SHALL be limited to Existing guests or Only people
- _Rationale:_ Sharing files outside the organization via OneDrive increases the risk of unauthorized access. By limiting external sharing, administrators decrease the risk of unauthorized unauthorized access to information.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]
- [T1530: Data from Cloud Storage][]

#### MS.SHAREPOINT.1.3v1
External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.
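Review bot: the unchanged context line 131 reads "decrease the risk of unauthorized unauthorized access to information" (duplicated word); since this PR already touches every policy block in the file, a drive-by fix to "decrease the risk of unauthorized access to information" would be cheap to include here.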
Expand All @@ -60,10 +60,10 @@ External sharing SHALL be restricted to approved external domains and/or users i
- _Last modified:_ June 2023
- _Note:_ This policy is only applicable if the external sharing slider on the admin page is set to any value other than **Only people in your organization**.
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]
- [T1530: Data from Cloud Storage][]

#### MS.SHAREPOINT.1.4v1
Guest access SHALL be limited to the email the invitation was sent to.
Expand All @@ -73,16 +73,16 @@ Guest access SHALL be limited to the email the invitation was sent to.
- _Last modified:_ June 2023
- _Note:_ This policy is only applicable if the external sharing slider on the admin page is set to any value other than **Only People in your organization**.
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]
- [T1530: Data from Cloud Storage][]

### Resources

- [Overview of external sharing in SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents](https://learn.microsoft.com/en-us/sharepoint/external-sharing-overview)
- [Overview of external sharing in SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents][]

- [Manage sharing settings for SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents](https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off)
- [Manage sharing settings for SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents][]

### License Requirements

Expand Down Expand Up @@ -160,11 +160,11 @@ File and folder default sharing scope SHALL be set to Specific people (only the
- _Rationale:_ By making the default sharing the most restrictive, administrators prevent accidentally sharing information too broadly.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1565: Data Manipulation](https://attack.mitre.org/techniques/T1565/)
- [T1565.001: Stored Data Manipulation](https://attack.mitre.org/techniques/T1565/001/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]
- [T1565: Data Manipulation][]
- [T1565.001: Stored Data Manipulation][]

#### MS.SHAREPOINT.2.2v1
File and folder default sharing permissions SHALL be set to View.
Expand All @@ -173,14 +173,14 @@ File and folder default sharing permissions SHALL be set to View.
- _Rationale:_ Edit access to files and folders could allow a user to make unauthorized changes. By restricting default permissions to **View**, administrators prevent unintended or malicious modification.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1080: Taint Shared Content](https://attack.mitre.org/techniques/T1080/)
- [T1565: Data Manipulation](https://attack.mitre.org/techniques/T1565/)
- [T1565.001: Stored Data Manipulation](https://attack.mitre.org/techniques/T1565/001/)
- [T1080: Taint Shared Content][]
- [T1565: Data Manipulation][]
- [T1565.001: Stored Data Manipulation][]

### Resources

- [File and folder links \| Microsoft
Documents](https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off#file-and-folder-links)
Documents][]

### License Requirements

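Review bot: the link label on lines 213-215 is split across two lines ("[File and folder links \| Microsoft" / "Documents][]"), which resolves only because CommonMark collapses internal line endings and whitespace when matching labels; less strict renderers and markdown linters often do not, and a wrapped label is hard to grep for. Collapsing it to one line, `- [File and folder links \| Microsoft Documents][]`, with the definition on one line to match, is safer, and the same applies to the "Secure external sharing recipient experience" and "Allow or prevent custom script" links in the later hunks. The `\|` escape is only needed inside a table and can be a plain `|` here.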
Expand Down Expand Up @@ -223,10 +223,10 @@ Expiration days for Anyone links SHALL be set to 30 days or less.
- _Last modified:_ June 2023
- _Note:_ This policy is only applicable if the external sharing slider on the admin center sharing page is set to **Anyone**.
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213.002: Sharepoint](https://attack.mitre.org/techniques/T1213/002/)
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol][]
- [T1213: Data from Information Repositories][]
- [T1213.002: Sharepoint][]
- [T1530: Data from Cloud Storage][]

#### MS.SHAREPOINT.3.2v1
The allowable file and folder permissions for links SHALL be set to View only.
Expand All @@ -236,9 +236,9 @@ The allowable file and folder permissions for links SHALL be set to View only.
- _Last modified:_ June 2023
- _Note:_ This policy is only applicable if the external sharing slider on the admin center sharing page is set to **Anyone**.
- _MITRE ATT&CK TTP Mapping:_
- [T1080: Taint Shared Content](https://attack.mitre.org/techniques/T1080/)
- [T1565: Data Manipulation](https://attack.mitre.org/techniques/T1565/)
- [T1565.001: Stored Data Manipulation](https://attack.mitre.org/techniques/T1565/001/)
- [T1080: Taint Shared Content][]
- [T1565: Data Manipulation][]
- [T1565.001: Stored Data Manipulation][]

#### MS.SHAREPOINT.3.3v1
Reauthentication days for people who use a verification code SHALL be set to 30 days or less.
Expand All @@ -248,9 +248,9 @@ Reauthentication days for people who use a verification code SHALL be set to 30
- _Last modified:_ June 2023
- _Note:_ This policy is only applicable if the external sharing slider on the admin center sharing page is set to **Anyone** or **New and existing guests**.
- _MITRE ATT&CK TTP Mapping:_
- [T1080: Taint Shared Content](https://attack.mitre.org/techniques/T1080/)
- [T1565: Data Manipulation](https://attack.mitre.org/techniques/T1565/)
- [T1565.001: Stored Data Manipulation](https://attack.mitre.org/techniques/T1565/001/)
- [T1080: Taint Shared Content][]
- [T1565: Data Manipulation][]
- [T1565.001: Stored Data Manipulation][]

### License Requirements

Expand All @@ -259,7 +259,7 @@ Reauthentication days for people who use a verification code SHALL be set to 30
### Resources

- [Secure external sharing recipient experience \| Microsoft
Documents](https://learn.microsoft.com/en-us/sharepoint/what-s-new-in-sharing-in-targeted-release)
Documents][]

### Implementation

Expand Down Expand Up @@ -320,13 +320,13 @@ Users SHALL be prevented from running custom scripts on self-service created sit
- _Rationale:_ Scripts on SharePoint sites run in the context of users visiting the site and therefore provide access to everything users can access. By preventing custom scripts on self-service created sites, administrators block a path for potentially malicious code execution.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1059: Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059/)
- [T1059.009: Cloud API](https://attack.mitre.org/techniques/T1059/009/)
- [T1059: Command and Scripting Interpreter][]
- [T1059.009: Cloud API][]

### Resources

- [Allow or prevent custom script \| Microsoft
Documents](https://docs.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script)
Documents][]

### License Requirements

Expand All @@ -347,3 +347,26 @@ Users SHALL be prevented from running custom scripts on self-service created sit
5. Select **Prevent users from running custom script on self-service created sites**.

6. Select **OK**.

[M365]: https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/LICENSE
[Azure]: https://github.com/MicrosoftDocs/azure-docs/blob/main/LICENSE
[M365 E3]: https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans
[G3]: https://www.microsoft.com/en-us/microsoft-365/government
[RFC 2119]: https://datatracker.ietf.org/doc/html/rfc2119
[T1048: Exfiltration Over Alternative Protocol]: https://attack.mitre.org/techniques/T1048/
[T1213: Data from Information Repositories]: https://attack.mitre.org/techniques/T1213/
[T1213.002: Sharepoint]: https://attack.mitre.org/techniques/T1213/002/
[T1530: Data from Cloud Storage]: https://attack.mitre.org/techniques/T1530/
[Overview of external sharing in SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents]: https://learn.microsoft.com/en-us/sharepoint/external-sharing-overview
[Manage sharing settings for SharePoint and OneDrive in Microsoft 365 \| Microsoft Documents]: https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
[T1565: Data Manipulation]: https://attack.mitre.org/techniques/T1565/
[T1565.001: Stored Data Manipulation]: https://attack.mitre.org/techniques/T1565/001/
[T1080: Taint Shared Content]: https://attack.mitre.org/techniques/T1080/
[File and folder links \| Microsoft
Documents]: https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off#file-and-folder-links
[Secure external sharing recipient experience \| Microsoft
Documents]: https://learn.microsoft.com/en-us/sharepoint/what-s-new-in-sharing-in-targeted-release
[T1059: Command and Scripting Interpreter]: https://attack.mitre.org/techniques/T1059/
[T1059.009: Cloud API]: https://attack.mitre.org/techniques/T1059/009/
[Allow or prevent custom script \| Microsoft
Documents]: https://docs.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script
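Review bot: line 312 still points at `https://docs.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script` while every other Microsoft definition in this block uses `learn.microsoft.com`; the old host redirects today, but since the URL is being moved anyway it should be normalised to `https://learn.microsoft.com/en-us/sharepoint/allow-or-prevent-custom-script`. Two further points on this block: the definition labels on lines 305-306, 307-308 and 311-312 wrap across lines and should be single lines for the same reason as their link sites, and because each label is the full display text (e.g. `[T1213.002: Sharepoint]`), any later edit to the visible wording of a policy's ATT&CK mapping silently unlinks it; short stable labels (e.g. `[t1213-002]`) or a link check in CI would guard against that.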