CISA.MS.EXO.6.2 - Calendar details SHALL NOT be shared with all domains.
Overview
Calendar details SHALL NOT be shared with all domains.
Rationale: Calendar details may contain information that should not be shared by default with all domains. Disabling sharing with all domains closes an avenue for data exfiltration while still allowing for legitimate use as needed.
Remediation action:
To restrict sharing with all domains:
- Sign in to the Exchange admin center.
- On the left-hand pane under Organization, select Sharing.
- Select Individual Sharing.
- For all existing policies, select the policy, then select Manage domains.
- For all sharing rules under all existing policies, ensure Sharing with everyone and Anonymous do not include CalendarSharing.
Related links
- Exchange admin center - Individual Sharing
- Microsoft 365 admin center - Org settings - Calendar
- CISA 6 Calendar and Contact Sharing - MS.EXO.6.2v1
- CISA ScubaGear Rego Reference
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.6.2 |
| Severity | Medium |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaCalendarSharing |
| Tags | CISA, CISA.MS.EXO.6.2, MS.EXO, MS.EXO.6.2 |
Source
- Pester test: tests/cisa/exchange/Test-MtCisaCalendarSharing.Tests.ps1
- PowerShell source: powershell/public/cisa/exchange/Test-MtCisaCalendarSharing.ps1