Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Outlook 2010 STIG
DTOO218 - Calendar details published by users
Level of calendar details that a user can publish must be restricted.
Level of calendar details that a user can publish must be restricted.
An XCCDF Rule
Details
Profiles
Prose
Level of calendar details that a user can publish must be restricted.
Medium Severity
<VulnDiscussion>Outlook users can share their calendars with selected others by publishing them to the Microsoft Office Outlook Calendar Sharing Service. Users can choose from three levels of detail: • Availability only. Authorized visitors will see the user's time marked as Free, Busy, tentative, or Out of Office, but will not be able to see the subjects or details of calendar items. • Limited details. Authorized visitors can see the user's availability and the subjects of calendar items only. They will not be able to view the details of calendar items. Optionally, users can allow visitors to see the existence of private items. • Full details. Authorized visitors can see the full details of calendar items. Optionally, users can allow visitors to see the existence of private items and to access attachments within calendar items. If users are allowed to publish limited or full details, sensitive information in their calendars could become exposed to parties who are not authorized to have that information. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>