CISA.MS.EXO.6.1 - Contact folders SHALL NOT be shared with all domains.
Overviewβ
Contact folders SHALL NOT be shared with all domains.
Rationale: Contact folders may contain information that should not be shared by default with all domains. Disabling sharing with all domains closes an avenue for data exfiltration while still allowing for specific legitimate use as needed.
Remediation action:β
To restrict sharing with all domains:
- Sign in to the Exchange admin center.
- On the left-hand pane under Organization, select Sharing.
- Select Individual Sharing.
- For all existing policies, select the policy, then select Manage domains.
- For all sharing rules under all existing policies, ensure Sharing with everyone and Anonymous do not include ContactsSharing.
Related linksβ
- Exchange admin center - Individual Sharing
- CISA 6 Calendar and Contact Sharing - MS.EXO.6.1v1
- CISA ScubaGear Rego Reference
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.6.1 |
| Severity | Medium |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaContactSharing |
| Tags | CISA, CISA.MS.EXO.6.1, MS.EXO, MS.EXO.6.1 |
Sourceβ
- Pester test:
tests/cisa/exchange/Test-MtCisaContactSharing.Tests.ps1 - PowerShell source:
powershell/public/cisa/exchange/Test-MtCisaContactSharing.ps1