3.2.1 (L1) Ensure DLP policies are enabled

Information

Data Loss Prevention (DLP) policies allow Exchange Online and SharePoint Online content to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.

Enabling DLP policies alerts users and administrators when specific types of data are about to be exposed, helping to protect that data from accidental disclosure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

- Navigate to Microsoft Purview: https://purview.microsoft.com/
- Click Solutions > Data loss prevention, then Policies
- Click Create policy
- Create a policy that is specific to the types of data the organization wishes to protect.

Impact:

Enabling a Teams DLP policy will allow sensitive data in Exchange Online and SharePoint Online to be detected or blocked. Always follow appropriate procedures during testing and implementation of DLP policies, in line with organizational standards.

See Also

https://workbench.cisecurity.org/benchmarks/20006

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-11, 800-53|SI-12, CSCv7|13, CSCv7|14.7

Plugin: microsoft_azure

Control ID: 01947713a899b8f15b3598e702b3228729712d6695f7c09896b80ad7e153dbab