-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adjudicate "substantive changes" to the SharePoint Online Baseline Markdown #249
Comments
2 Quick questions:
|
My opinion:
|
|
Not the last question, but can dream. @ahuynhMITRE are you planning to have all the baseline changes in the branch |
@Sloane4 I expect to merge this with main as a "starting point" for all baselines once I have gone through the errors @crutchfield has identified when testing the automation script. I expect to have the updates in today COB and will have each of the baseline POCs review for the pull request! |
@tkol2022 I have updated the baseline for all the issues submitted, just need help with the rationals. Also for clarification are we still removing the should & shall language, because power bi is a current pull request without those changes. If so what is the preferred method to go about it. Thanks! |
Thanks!
|
Linking #359 for rationale |
Confirm that the current direction is to have an implementation section for each policy. This was also a note Ethan stressed as well! |
@ahuynhMITRE Just to tease out what exactly "an implementation for each policy" means... does that mean we have something like this:MS.PRODUCT.1.1v1Blah blah ImplementationThis is how we implement MS.PRODUCT.1.1v1. MS.PRODUCT.1.2v1Blah blah Or more like how it shows now in SharePoint where we have all policies in a group and the separate Implementation section for ALL of them, but with each policy item getting its own section of the Implementation like so PoliciesMS.PRODUCT.1.1v1Blah blah blah #### MS.PRODUCT.1.2v1Blah blah blah #### MS.PRODUCT.1.3v1blah blah blah ImplementationMS.PRODUCT.1.1v1, in the Product admin center: do these things MS.PRODUCT.1.2v1, Go to the Product settings page and do some other things MS.PRODUCT.1.3v1, Go to the security settings and do yet more and different things here Because both formats provide a separate implementation section for each policy, but are quite different in structure. |
Good point on the clarification @schrolla! I am inclined to lean towards how is is shown in SharePoint with a single implementation section per group with distinct steps for each policy. Though this comes my bias that this will be easier when separating out the steps into the wiki / limit the human errors with cutting and reformatting if the steps are spread throughout the bodies of policies. Any preferences from anyone else? |
The single implementation section was my preference as well. I just wanted to make sure that's what we were talking about as its less disruptive to overall baseline development and flows better for the reader, in my opinion. |
Single implementation section sounds good. @ahuynhMITRE let the authors know to follow this standard so we can wrap up those implementation sections. |
I will type it up as a "style guide" and add the details to @Dylan-MITRE's issue #361 and tag all of the authors for awareness! I will also dictate section ordering as well to address @schrolla's issue #371 |
closed |
💡 Summary
This issue captures the high-level tasks required to convert the existing SHAREPOINT ONLINE Secure Configuration Baseline document to a new structure based on the existing markdown format. The updates will include reordering and regrouping of existing policy items, additional fields for each policy item, and policy changes to clarify relative to existing implementation guidance.
Motivation and context
The new baseline policy document format will provide additional clarity to readers and support better automated assessment of baseline policy items for SHAREPOINT ONLINE.
Implementation notes
In order to make the changes referenced above, the following tasks will need to be accomplished:
CREATE and NUMBER policy group statements based on existing policy areas using updated markdown files found in Adjudicate "Structural Changes" to All Baseline Markdowns #212 and its associated branch
ADD
Rationale
section and text for each policyNote: Suggested format for Rationale
UPDATE policy item description to match the desired best practice and synchronize with implementation steps (e.g., setting should be 30 days or less when implementation shows setting days to <= 30)
Acceptance criteria
How do we know when this work is done?
Rationale
section using the suggested formatThe text was updated successfully, but these errors were encountered: