ASD's Blueprint for Secure Cloud

Transport rules

This section describes the configuration of remote connectors within Exchange Online associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Rule conditions

ItemValue
NameRequire TLS for sensitive items
Apply this rule if
- The recipientis external/internal
- The recipient is locatedOutside the organisation
And
- The message headers…includes any of these words
- Header Namemsip_labels
- Words or phrasesAll OFFICIAL Sensitive GUIDs
All PROTECTED GUIDs
Do the following
- Modify the message securityRequire TLS encryption

Rule settings

ItemValue
Priority0
Rule modeEnforce
Severity
Match sender address in messageHeader

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra