DTOO219 - Access restriction settings for published calendars must be configured.

Information

This policy setting determines what restrictions apply to users who publish their calendars on Office.com or third-party World Wide Web Distributed Authoring and Versioning (WebDAV) servers. If you enable or disable this policy setting, calendars that are published on Office.com must have restricted access (users other than the calendar owner/publisher who wish to view the calendar can only do so if they receive invitations from the calendar owner), and users cannot publish their calendars to third-party DAV servers. If you do not configure this policy setting, users can share their calendars with others by publishing them to the Office.com Calendar Sharing Services and to a server that supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. Office.com allows users to choose whether to restrict access to their calendars to people they invite, or allow unrestricted access to anyone who knows the URL to reach the calendar. DAV access restrictions can only be achieved through server and folder permissions, and might require the assistance of a server administrator to set up and maintain.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Outlook Options -> Preferences -> Calendar Options -> Office.com Sharing Service 'Access to published calendars' to 'Enabled'.

See Also

http://iasecontent.disa.mil/stigs/zip/U_MS_Outlook_2016_V1R2_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-20, CAT|II, CCI|CCI-000366, Rule-ID|SV-85759r1_rule, STIG-ID|DTOO219, Vuln-ID|V-71135

Plugin: Windows

Control ID: 3b9dde278ce5a0945f91e436f4f30a6ceab728f0e5e6c4728b566a6a8df18f79