Remove the second SHALL in MS.DEFENDER.4.1v1 #1385

buidav opened this issue Oct 29, 2024 · 1 comment · May be fixed by #1408
buidav commented Oct 29, 2024

💡 Summary

A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.

Example rewording.
`A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).`

Motivation and context

To limit policies to a single RFC keyword.

Implementation notes

  • Change the baseline text.
  • Update the version number MS.DEFENDER.4.1v1 => MS.DEFENDER.4.1v2
  • Update rego?

Acceptance criteria

  • Language is updated in the baseline
  • Version of the policy is bumped
  • Code changes for the new policy version (if necessary).
@buidav buidav added the baseline-document Issues relating to the text in the baseline documents themselves label Oct 29, 2024
@schrolla schrolla added this to the Kraken milestone Oct 30, 2024
@schrolla schrolla self-assigned this Nov 6, 2024
schrolla commented Nov 7, 2024

Note for future baseline policy version updates. To fully update the policy version, changes had to be made in the following places:

  • The policy ID section header in the baseline itself
  • Policy ID references in the same baseline
  • Due to policy change, update Last updated field to current month/year
  • Policy ID relative anchor links in the same baseline
  • Policy ID references in other associated baselines
  • Policy ID relative anchor links in other associated baselines
  • Policy ID version comment and reference in DefenderConfig.rego code
  • Policy ID version in CreateReportStubs/TestResults.json references (to ensure NewReport tests pass)
  • Policy ID version in associated MS.DEFENDER.4.1 rego tests

@schrolla schrolla linked a pull request Nov 7, 2024 that will close this issue
21 tasks
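
A check for the reference locations listed in the comment above, as an added example that is not part of the project's code or of the thread: it scans a tree for lines that still carry the old policy ID, either as text or as a relative anchor link. The anchor derivation (lowercase, punctuation dropped), the file suffixes and the sample files in `demo()` are assumptions.

```python
import re
import tempfile
from pathlib import Path


def anchor_slug(policy_id):
    """Heading anchor for a policy ID (assumed GitHub-style: lowercase, punctuation dropped)."""
    return "#" + re.sub(r"[^a-z0-9 _-]", "", policy_id.lower()).replace(" ", "-")


def find_stale_refs(root, old_id, suffixes=(".md", ".rego", ".json")):
    """Return sorted (relative path, line number, kind) for each line still using old_id."""
    root = Path(root)
    # The lookahead keeps "4.1v1" from matching inside a longer version such as "4.1v10".
    patterns = {
        "id": re.compile(re.escape(old_id) + r"(?!\d)"),
        "anchor": re.compile(re.escape(anchor_slug(old_id)) + r"(?!\d)"),
    }
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in suffixes:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pattern in patterns.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, kind))
    return sorted(hits)


def demo():
    """Run the check on a constructed tree; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Header bumped, but the relative anchor link was missed.
        (root / "defender.md").write_text(
            "#### MS.DEFENDER.4.1v2\n"
            "See [MS.DEFENDER.4.1v2](#msdefender41v1) for details.\n")
        # Reference from another baseline, fully updated.
        (root / "exo.md").write_text(
            "Covered by [MS.DEFENDER.4.1v2](./defender.md#msdefender41v2).\n")
        # Policy ID string bumped, version comment missed.
        (root / "Config.rego").write_text(
            "# MS.DEFENDER.4.1v1\n"
            'PolicyId := "MS.DEFENDER.4.1v2"\n')
        return find_stale_refs(root, "MS.DEFENDER.4.1v1")


if __name__ == "__main__":
    for path, lineno, kind in demo():
        print(f"{path}:{lineno}: stale {kind} reference")
```

An empty result from `find_stale_refs` means no line in the scanned suffixes still names the old version.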