grammatical changes

cisagov · Dec 20, 2024 · 64bd956 · 64bd956
1 parent 1b76e1e
commit 64bd956
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/PowerShell/ScubaGear/baselines/exo.md b/PowerShell/ScubaGear/baselines/exo.md
@@ -542,7 +542,7 @@ Data loss prevention (DLP) helps prevent both accidental leakage of
 sensitive information as well as intentional exfiltration of data. DLP
 forms an integral part of securing Microsoft Exchange Online. There are
 several commercial DLP solutions available that document support for
-M365. Microsoft itself offer DLP services, controlled within the Microsoft Purview
+M365. Microsoft itself offers DLP services, controlled within the Microsoft Purview
 compliance portal. Agencies may select any service that fits their needs and meets
 the requirements outlined in this baseline setting. The DLP solution selected by an agency
 should offer services comparable to those offered by Microsoft.
@@ -642,7 +642,7 @@ those offered by Microsoft.
 
 Though using Microsoft Defender's solution is not strictly required for
 this purpose, guidance for configuring the Common Attachment Filter in
-Microsoft Defender can be found in the follow section of the CISA M365 Secure Configuration Baseline for Defender for Office 365.
+Microsoft Defender can be found in the following section of the CISA M365 Secure Configuration Baseline for Defender for Office 365.
 
 - [Preset Security Policies \| CISA M365 Secure Configuration Baseline for Defender for Office 365](./defender.md#1-preset-security-profiles)
 
@@ -855,8 +855,8 @@ already delivered to mailboxes and removes them.
 Several techniques exist for protecting against phishing attacks,
 including the following:
 
-- Impersonation protection checks, wherein a tool compares the sender's
-  address to the addresses of known senders to flag look-alike
+- Impersonation protection checks, where a tool compares the sender's
+  address to the addresses of known senders in order to flag look-alike
   addresses, such as `user@exmple.com` and `user@example.com`.
 
 - User warnings, such as displaying a notice the first time a user
@@ -1419,7 +1419,7 @@ users with E5 licenses assigned is retained for one year.
 
 However, in accordance with Office of Management and Budget (OMB) Memorandum 21-31, _Improving the Federal Government's
 Investigative and Remediation Capabilities Related to Cybersecurity Incidents_,
-Microsoft 365 audit logs are to be retained at least 12 months in active
+Microsoft 365 (M365) audit logs are to be retained at least 12 months in active
 storage and an additional 18 months in cold storage. This can be accomplished
 by offloading the logs out of the cloud environment or natively through
 Microsoft by creating an [audit log retention

diff --git a/PowerShell/ScubaGear/baselines/removedpolicies.md b/PowerShell/ScubaGear/baselines/removedpolicies.md
@@ -1,7 +1,7 @@
 **`TLP:CLEAR`**
 # Removed CISA M365 Secure Configuration Baseline Policies
 
-This document tracks policies that have been removed from the Secure Configuration Baselines. The removal of a policy from the baselines does not necessarily imply that whatever configuration recommended by the removed policy should not be used. In each case, review the "Removal rationale" section of the removed policy in this document for more details.
+This document tracks policies that have been removed from the Secure Configuration Baselines. The removal of a policy from the baselines does not necessarily imply that the configuration originally recommended by the removed policy should no longer be used. In each case, review the "Removal rationale" section of the removed policy in this document for more details.
 
 The Secure Cloud Business Applications (SCuBA) project, run by the Cybersecurity and Infrastructure Security Agency (CISA), provides guidance and capabilities to secure federal civilian executive branch (FCEB) agencies’ cloud business application environments and protect federal information that is created, accessed, shared, and stored in those environments.
 
@@ -69,6 +69,6 @@ Users SHALL be prevented from running custom scripts on personal sites (aka OneD
 #### MS.SHAREPOINT.4.2v1
 Users SHALL be prevented from running custom scripts on self-service created sites.
 - _Removal date:_ November 2024
-- _Removal rationale:_ Microsoft has noted that after November 2024 it will no longer be possible to prevent SharePoint in resetting custom script settings to its original value (disabled) for all sites. All references including the policy, implementation steps, and section, by direction of CISA and Microsoft, have been removed as the setting will be automatically reverted back to **Blocked** within 24 hours.
+- _Removal rationale:_ Microsoft has noted that after November 2024 it will no longer be possible to prevent SharePoint in resetting custom script settings to its original value (disabled) for all sites. All references including the policy, implementation steps, and section have been removed at the direction of Microsoft and CISA, as the setting will be automatically reverted back to **Blocked** within 24 hours.
 
 **`TLP:CLEAR`**
diff --git a/PowerShell/ScubaGear/baselines/teams.md b/PowerShell/ScubaGear/baselines/teams.md
@@ -575,7 +575,7 @@ Data loss prevention (DLP) helps prevent both accidental leakage of
 sensitive information as well as intentional exfiltration of data. DLP
 forms an integral part of securing Microsoft Teams. There are
 several commercial DLP solutions available documenting support for
-M365. Microsoft itself offers DLP services, controlled within the Microsoft Purview
+Microsoft 365 (M365). Microsoft itself offers DLP services, controlled within the Microsoft Purview
 compliance portal. Agencies may select any service that fits their needs and meets
 the requirements outlined in this baseline setting. The DLP solution selected by an agency
 should offer services comparable to those offered by Microsoft.
@@ -636,7 +636,7 @@ Any product meeting the requirements outlined in this baseline policy may be use
 
 ## 7. Malware Scanning
 
-Malware scanning protects M365 Teams assets from malicious software. Several commercial anti-malware solutions detect and prevent computer viruses, malware, and other malicious software from being introduced into M365 Teams. Agencies may select any product that meets the requirements outlined in this baseline policy group. If the agency is using Microsoft Defender to implement malware scanning, see the following policies of the CISA M365 Secure Configuration Baseline for Defender for Office 365 for additional guidance.
+Malware scanning protects Microsoft 365 (M365) Teams assets from malicious software. Several commercial anti-malware solutions detect and prevent computer viruses, malware, and other malicious software from being introduced into M365 Teams. Agencies may select any product that meets the requirements outlined in this baseline policy group. If the agency is using Microsoft Defender to implement malware scanning, see the following policies of the CISA M365 Secure Configuration Baseline for Defender for Office 365 for additional guidance.
 
 - [MS.DEFENDER.3.1v1 \| CISA M365 Secure Configuration Baseline for Defender for Office 365](./defender.md#msdefender31v1)
   - Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.