Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Outlook 2010 STIG
DTOO219 - Access to Published Calendars
DTOO219 - Access to Published Calendars
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
DTOO219 - Access to Published Calendars
1 Rule
<GroupDescription></GroupDescription>
Access restriction settings for published calendars must be configured.
Medium Severity
<VulnDiscussion>Users can share their calendars with others by publishing them to the Microsoft Office Online Calendar Sharing Services and to a server that supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. Office Online allows users to choose whether to restrict access to their calendars to people they invite, or allow unrestricted access to anyone who knows the URL to reach the calendar. DAV access restrictions can only be achieved through server and folder permissions, and might require the assistance of a server administrator to set up and maintain. If a calendar is visible to anyone on Office Online or third-party DAV servers, sensitive information might be revealed contained in calendar appointments. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>