cisagov / ScubaGoggles

SCuBA Security Configuration Baselines and assessment tool for Google Workspace
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal

Gmail Clarify Bypassing Spam Filters #149

Open adhilto opened 5 months ago

adhilto commented 5 months ago

(Using the numbers of the gmail-changes-1 branch)

GWS.GMAIL.14.1v0.1 instructs users to not use an email allowlist, referring to this feature here: [image]

However, there is another way to create an allowlist that the baseline does not address: [image]

What was previously GWS.GMAIL.18 touched on some of these settings, but this group is being deleted. I agree with the deletion of this group--the guidance there was confusing and contradictory--but I would recommend adding a new control group that rules out the various ways users could bypass spam protections.

Proposed group name: "Spam Filtering"

Policies:

  1. "Domains SHALL NOT be added to lists that bypass spam filters." With a note: "Note: Allowed senders MAY be added."
  2. "Domains SHALL NOT be added to lists that bypass spam filters and hide warnings."
  3. "Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled."

jkaufman-mitre commented 5 months ago

@adhilto Will discuss this with the team to determine which changes should be made. @prodjom

jkaufman-mitre commented 5 months ago

@adhilto We will implement the recommended changes.

jkaufman-mitre commented 2 months ago

PR has been created. TTP Mappings still need to be done and drift rules need to be created.

jkaufman-mitre commented 2 months ago

Drift Rules have been completed. Now only waiting on TTP mappings.

jkaufman-mitre commented 3 weeks ago

Followed up on the status of the TTP mappings.