generated from cisagov/ScubaGear
-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathomit_policies.yaml
22 lines (19 loc) · 1.11 KB
/
omit_policies.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# YAML configuration demonstrating omitting policies from ScubaGoggles evaluation.
# Any omitted policies should be carefully considered and documented as part of an
# organization's cybersecurity risk management program process and practices.
baselines: [gmail, commoncontrols]
omitpolicy:
GWS.GMAIL.3.1:
rationale: "Known false positive; our SPF policy currently cannot to be retrieved via ScubaGoggles due to a split
horizon setup but is available publicly."
expiration: "2023-12-31"
GWS.COMMONCONTROLS.18.1:
rationale: &DLPRationale "The DLP capability required by the baselines is implemented by third party product, [x],
which ScubaGoggles does not have the ability to check."
GWS.COMMONCONTROLS.18.2:
rationale: *DLPRationale
# The "&" character used in the above example defines an anchor, which saves a value
# for future reference. This value can then be retrieved with the "*" character. See
# https://yaml.org/spec/1.2.2/#692-node-anchors for more details. In this case, the
# anchor allows you to configure multiple omissions that share the same rationale
# without repeating yourself.