Mods

turbot/zoom_compliance

GitHub
Overview
1Dashboards
171Controls
1Queries
0Variables
GitHub
CIS v1.0.0
1 Account Settings
1.1 Meeting
1.1.1 Security
1.1.1.1 Passcode Requirement
1.1.1.1.1 Ensure minimum passcode length is set to at least 6 characters (Manual)
1.1.1.1.2 Ensure passcode is set to have at least 1 letter (Manual)
1.1.1.1.3 Ensure passcode is set to have at least 1 number (Manual)
1.1.1.1.4 Ensure passcode is set to have at least 1 special character (Manual)
1.1.1.1.5 Ensure passcode include both uppercase and lowercase characters is set to enabled (Manual)
1.1.1.1.6 Ensure passcode cannot contain consecutive characters is set to enabled (Manual)
1.1.1.1.7 Ensure enhanced weak passcode detection is set to enabled (Manual)
1.1.1.1.8 Ensure only allow numeric passcode is set to disabled (Manual)
1.1.1.2 Ensure waiting room is set to enabled (Manual)
1.1.1.3 Ensure waiting room options is set to everyone (Manual)
1.1.1.4 Ensure require a passcode when scheduling new meetings is set to enabled (Manual)
1.1.1.5 Ensure room meeting ID passcode is set to enabled (Manual)
1.1.1.6 Ensure require a password for instant meetings is set to enabled (Manual)
1.1.1.7 Ensure require a password for Personal Meeting ID (PMI) is set to enabled (Manual)
1.1.1.8 Ensure embed password in meeting link for one-click join is set to enabled (Manual)
1.1.1.9 Ensure only authenticated users can join meetings is set to enabled (Manual)
1.1.1.10 Ensure require password for participants joining by phone is set to enabled (Manual)
1.1.1.11 Ensure only authenticated users can join meetings from Web client is set to enabled (Manual)
1.1.2 Schedule Meeting
1.1.2.1 Meeting password requirement
1.1.2.1.1 Have a minimum password length (Automated)
1.1.2.1.2 Specify a password length: (Automated)
1.1.2.1.3 Have at least 1 letter (a, b, c...) (Automated)
1.1.2.1.4 Have at least 1 number (1, 2, 3...) (Automated)
1.1.2.1.5 Have at least 1 special character (!, @, #...) (Manual)
1.1.2.1.6 Include both uppercase and lower case letters (Automated)
1.1.2.2 Ensure host video is set to disabled (Manual)
1.1.2.3 Ensure participants video is set to disabled (Manual)
1.1.2.4 Ensure join before host is set to disabled (Automated)
1.1.2.5 Ensure enable personal meeting ID is set to enabled (Manual)
1.1.2.6 Ensure use personal meeting ID (PMI) when scheduling a meeting is set to disabled (Manual)
1.1.2.7 Ensure use personal meeting ID (PMI) when starting an instant meeting is set to disabled (Manual)
1.1.2.8 Ensure add watermark is set to enabled (Manual)
1.1.2.9 Ensure add audio watermark is set to enabled (Manual)
1.1.2.10 Ensure always display "Zoom Meeting" as the meeting topic is set to enabled (Manual)
1.1.2.11 Ensure bypass the password when joining meetings from meeting list is set to enabled (Manual)
1.1.2.12 Ensure mute participants upon entry is set to enabled (Manual)
1.1.2.13 Ensure upcoming meeting reminder is set to enabled (Manual)
1.1.3 In Meeting (Basic)
1.1.3.1
1.1.3.1.1 Ensure allow meeting participants to send a message visible to all participants is set to disabled (Manual)
1.1.3.1.2 Ensure prevent participants from saving chat is set to enabled (Manual)
1.1.3.2 Sound notification when someone joins or leaves
1.1.3.2.1 Ensure sound notification when someone joins or leaves is set to enabled (Manual)
1.1.3.2.2 Ensure play sound for "Host and co-host only" is set to enabled (Manual)
1.1.3.2.3 Ensure when someone joins by phone, ask to record their voice to use as the notification is set to enabled (Manual)
1.1.3.3 File Transfer
1.1.3.3.1 Ensure hosts and participants can send files through the in-meeting chat is set to disabled (Manual)
1.1.3.3.2 Ensure only allow specified file types is set to enabled (Manual)
1.1.3.4 Screen sharing
1.1.3.4.1 Ensure screen sharing is set to enabled (Manual)
1.1.3.4.2 Ensure "who can share?" is set to "Host Only" (Manual)
1.1.3.4.3 Ensure "Who can start sharing when someone else is sharing?" is set to "Host Only" (Manual)
1.1.3.5 Annotation
1.1.3.5.1 Ensure annotation is set to disabled (Manual)
1.1.3.5.2 Ensure allow saving of shared screens with annotations is set to disabled (Manual)
1.1.3.5.3 Ensure only the user who is sharing can annotate is set to enabled (Manual)
1.1.3.6 Whiteboard
1.1.3.6.1 Ensure whiteboard is set to disabled (Manual)
1.1.3.6.2 Ensure allow saving of whiteboard content is set to disabled (Manual)
1.1.3.6.3 Ensure auto save whiteboard content when sharing is stopped is set to disabled (Manual)
1.1.3.7 Ensure require encryption for 3rd party endpoints (SIP/H.323) is set to enabled (Manual)
1.1.3.8 Ensure allow meeting participants to send a private 1:1 message to another participant is set to disabled (Manual)
1.1.3.9 Ensure auto saving chats is set to enabled (Manual)
1.1.3.10 Ensure feedback to Zoom is set to enabled (Manual)
1.1.3.11 Ensure co-host is set to enabled (Manual)
1.1.3.12 Ensure polling is set to enabled (Manual)
1.1.3.13 Ensure always show meeting control toolbar is set to enabled (Manual)
1.1.3.14 Ensure show Zoom windows during screen share is set to enabled (Manual)
1.1.3.15 Ensure disable desktop/screen share for users is set to enabled (Manual)
1.1.3.16 Ensure remote control is set to disabled (Manual)
1.1.3.17 Ensure nonverbal feedback is set to disabled (Manual)
1.1.3.18 Ensure meeting reactions is set to disabled (Manual)
1.1.3.19 Ensure allow removed participants to rejoin is set to disabled (Manual)
1.1.3.20 Ensure allow participants to rename themselves is set to enabled (Manual)
1.1.3.21 Ensure hide participant profile pictures in a meeting is set to disabled (Manual)
1.1.4 In Meeting (Advanced)
1.1.4.1 Select data center regions for meetings/webinars hosted by your account
1.1.4.1.1 Ensure select data center regions for meetings/webinars hosted by your account is set to enabled (Manual)
1.1.4.1.2 Ensure data center regions is set to local countries (Manual)
1.1.4.2 Breakout room
1.1.4.2.1 Ensure breakout room is set to enabled (Manual)
1.1.4.2.2 Ensure allow host to assign participants to breakout rooms when scheduling is set to enabled (Manual)
1.1.4.3 Virtual background
1.1.4.3.1 Ensure virtual background is set to enabled (Manual)
1.1.4.3.2 Ensure allow use of videos for virtual backgrounds is set to disabled (Manual)
1.1.4.3.3 Ensure allow users to upload custom backgrounds is set to disabled (Manual)
1.1.4.4 Peer to Peer connection while only 2 people in a meeting
1.1.4.4.1 Ensure peer to peer connection while only 2 people in a meeting is set to disabled (Manual)
1.1.4.4.2 Enable listening ports range is set as appropriate for organization (Manual)
1.1.4.5 Ensure report participants to Zoom is set to enabled (Manual)
1.1.4.6 Ensure remote support is set to disabled (Manual)
1.1.4.7 Ensure closed captioning is set to disabled (Manual)
1.1.4.8 Ensure save captions is set to disabled (Manual)
1.1.4.9 Ensure far end camera control is set to disabled (Manual)
1.1.4.10 Ensure identify guest participants in the meeting/webinar is set to enabled (Manual)
1.1.4.11 Ensure auto-answer group in chat is set to disabled (Manual)
1.1.4.12 Ensure only show default email when sending email invites is set to enabled (Manual)
1.1.4.13 Ensure use HTML format email for Outlook plugin is set to enabled (Manual)
1.1.4.14 Ensure show a "Join from your browser" link is set to enabled (Manual)
1.1.4.15 Ensure allow live streaming meetings is set to disabled (Manual)
1.1.4.16 Ensure allow Skype for Business (Lync) client to join a Zoom meeting is set to disabled (Manual)
1.1.4.17 Ensure request permission to unmute is set to enabled (Manual)
1.1.5 Calendar and Contacts
1.1.5.1 Ensure calendar and contacts integration is set to disabled (Manual)
1.1.5.2 Ensure ask users to integrate Office 365 calendar when they sign in is set to disabled (Manual)
1.1.5.3 Ensure consent to Office 365 calendar integration permissions on behalf of entire account is set to disabled (Manual)
1.1.5.4 Ensure enforce OAuth 2.0 for Office 365 calendar integration is set to enabled (Manual)
1.1.6 Email Notification
1.1.6.1 When a cloud recording is available
1.1.6.1.1 Ensure when a cloud recording is available is set to enabled (Manual)
1.1.6.1.2 Ensure Send a copy to the person who scheduled the meeting/webinar for the host is set to enabled (Manual)
1.1.6.1.3 Ensure send a copy to the Alternative Hosts is set to enabled (Manual)
1.1.6.2 Ensure when attendees join meeting before host is set to enabled (Manual)
1.1.6.3 Ensure when a meeting is cancelled is set to enabled (Manual)
1.1.6.4 Ensure when an alternative host is set or removed from a meeting is set to enabled (Manual)
1.1.6.5 Enable when someone scheduled a meeting for a host is set to enabled (Manual)
1.1.6.6 Ensure when the cloud recording is going to be permanently deleted from trash is set to enabled (Manual)
1.1.7 Admin Options
1.1.7.1 Ensure blur snapshot on iOS task switcher is set to enabled (Manual)
1.1.7.2 Ensure display meetings scheduled for others is set to enabled (Manual)
1.1.7.3 Ensure use content delivery network (CDN) is set to "Default" (Manual)
1.1.7.4 Ensure allow users to contact Zoom's support via chat is set to enabled (Manual)
1.2 Recording
1.2.1 Local Recording
1.2.1.1 Ensure local recording is set to enabled (Manual)
1.2.1.2 Ensure hosts can give participants the permission to record locally is set to enabled (Manual)
1.2.2 Cloud Recording
1.2.2.1 Ensure cloud recording is set to enabled (Manual)
1.2.2.2 Ensure record active speaker with shared screen is set to enabled (Manual)
1.2.2.3 Ensure record gallery view with shared screen is set to enabled (Manual)
1.2.2.4 Ensure record active speaker, gallery view and shared screen separately is set to enabled (Manual)
1.2.2.5 Ensure record an audio only file is set to enabled (Manual)
1.2.2.6 Ensure save chat messages from the meeting / webinar is set to enabled (Manual)
1.2.3 Advanced cloud recording settings
1.2.3.1 Ensure add a timestamp to the recording is set to enabled (Manual)
1.2.3.2 Ensure display participants' names in the recording is set to enabled (Manual)
1.2.3.3 Ensure record thumbnails when sharing is set to enabled (Manual)
1.2.3.4 Ensure optimize the recording for 3rd party video editor is set to enabled (Manual)
1.2.3.5 Ensure save panelist chat to the recording is set to enabled (Manual)
1.2.4 Automatic recording
1.2.4.1 Ensure automatic recording is set to enabled (Manual)
1.2.4.2 Ensure automatic recording is set to "Record in the Cloud" (Manual)
1.2.4.3 Ensure host can pause/stop the auto recording in the cloud is set to enabled (Manual)
1.2.5 Cloud recording downloads
1.2.5.1 Ensure cloud recording downloads is set to enabled (Manual)
1.2.5.2 Ensure only the host can download cloud recordings is set to enabled (Manual)
1.2.6 Set minimum passcode strength requirements
1.2.6.1 Ensure have a minimum passcode length is set to 8 characters or greater (Manual)
1.2.6.2 Ensure passcode have at least 1 letter is set to enabled (Manual)
1.2.6.3 Ensure passcode have at least 1 number is set to enabled (Manual)
1.2.6.4 Ensure passcode have at least 1 special character is set to enabled (Manual)
1.2.6.5 Ensure allow numeric passcode is set to disabled (Manual)
1.2.7 Recording disclaimer
1.2.7.1 Ensure recording disclaimer is set to enabled (Manual)
1.2.7.2 Ensure ask participants for consent when a recording starts is set to enabled (Manual)
1.2.7.3 Ensure ask host to confirm before starting a recording is set to enabled (Manual)
1.2.8 Ensure prevent hosts from accessing their cloud recordings is set to enabled (Manual)
1.2.9 Ensure IP address access control is set to organization approved ranges (Manual)
1.2.10 Ensure require passcode to access shared cloud recordings is set to enabled (Manual)
1.2.11 Ensure the host can delete cloud recordings is set to disabled (Manual)
1.2.12 Ensure allow recovery of deleted cloud recordings from trash is set to enabled (Manual)
1.2.13 Ensure multiple audio notifications of recorded meeting is set to enabled (Manual)
1.3 Telephone
1.3.1 Ensure toll call is set to enabled (Manual)
1.3.2 Ensure mask phone number in the participant list is set to enabled (Manual)
1.3.3 Ensure global dial-in countries/regions is set to enabled (Manual)
2 IM Management
2.1 IM Settings
2.1.1 Sharing
2.1.1.1 Ensure screen capture is set to disabled (Manual)
2.1.1.2 Ensure code snippet is set to disabled (Manual)
2.1.1.3 Ensure animated GIF images is set to disabled (Manual)
2.1.1.4 Ensure file transfer is set to disabled (Manual)
2.1.2 Visibility
2.1.2.1 Ensure set chat as a default tab for first-time users is set to disabled (Manual)
2.1.2.2 Ensure show H.323 contacts is set to disabled (Manual)
2.1.2.3 Ensure company contacts is set to disabled (Manual)
2.1.2.4 Ensure IM groups is set to enabled (Manual)
2.1.2.5 Ensure announcements is set to disabled (Manual)
2.1.3 Security
2.1.3.1 Ensure enable advanced chat encryption is set to enabled (Manual)
2.1.3.2 Ensure enable personal channel in chat window is set to disabled (Manual)
2.1.3.3 Ensure allow users to add contacts is set to disabled (Manual)
2.1.3.4 Ensure allow users to chat with others is set to disabled (Manual)
2.1.3.5 Ensure show status to external contacts is set to disabled (Manual)
2.1.4 Storage
2.1.4.1 Ensure cloud storage is set to enabled (Manual)
2.1.4.2 Ensure delete local data is set to disabled (Manual)
2.1.4.3 Ensure store edited and deleted message revisions is set to disabled (Manual)
2.1.4.4 Ensure third party archiving is set to disabled (Manual)
2.2 Enable IM groups is set to the organization's needs (Manual)
3 Advanced
3.1 Security
3.1.1 Authentication
3.1.1.1 Enhanced Password Requirement
3.1.1.1.1 Ensure minimum password length is set to 9 characters or greater (Manual)
3.1.1.1.2 Ensure password have at least 1 special character is set to enabled (Manual)
3.1.1.1.3 Ensure password cannot contain consecutive characters is set to enabled (Manual)
3.1.1.1.4 Ensure use enhanced weak password detection is set to enabled (Manual)
3.1.1.2 Password Policy
3.1.1.2.1 Ensure new users need to change their passwords upon first sign-in is set to enabled (Manual)
3.1.1.2.2 Ensure password expires automatically and needs to be changed after 365 days (Manual)
3.1.1.2.3 Ensure users cannot reuse any password used in the last 5 times or more (Manual)
3.1.1.2.4 Enable users can change their password 1 time every 24 hours (Manual)
3.1.1.3 Security
3.1.1.3.1 Ensure only account admin can change licensed users' personal meeting ID and personal link name (Manual)
3.1.1.3.2 Ensure allow importing of photos from the photo library on the user's device is set to disabled (Manual)
3.1.1.3.3 Ensure hide billing information from administrators is set to enabled (Manual)
3.2 Ensure integration is set to appropriate organizational needs (Manual)
On This Page
Usage
Benchmarks
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Benchmark: 2.1 IM Settings

Usage

steampipe check zoom_compliance.benchmark.cis_v100_2_1

Benchmarks

Tags

category = Compliance
cis = true
cis_section_id = 2.1
cis_version = v1.0.0
plugin = zoom
service = Zoom/IM
type = Benchmark