Tenable Research Release Highlights

Forum Discussion

bmcsulla
3 years ago


New Zoom Compliance Plugin and CIS Audit

Summary

Customers can now measure compliance against Zoom with new plugin ID 163517. This plugin retrieves target data via the Zoom API using API endpoint actions to gather data. The gathered actual values are evaluated against a given audit policy.

CIS Audits being released with the new plugin:

- CIS Zoom v1.0.0 - Level 1

- CIS Zoom v1.0.0 - Level 2

Target Release Date

August 29, 2022

Additional Notes:

The scanning credential requires the usage of the "Server-to-Server OAuth" Zoom auth type.

To set up the "Server-to-Server OAuth" type in your Zoom account, please perform the following:

- Log in to https://marketplace.zoom.us/

- Click Develop at the top right > then Build App

- Under 'Server-to-Server OAuth' click Create

- Give this app a name

- The next screen will present an Account ID, Client ID, and Client Secret. All 3 will be required for audit credentials. Copy these values to save for scan setup

- Click Continue

- Specify company name, name, and email address. These fields are required to activate the app.

- Click Continue

- Event subscriptions are not needed for .audit scanning purposes.

- Click Continue

- New 'Scopes' will have to be added in order to retrieve required data for auditing

- Click Add Scopes

-- Click 'Account': Check the boxes for 'account:master' and 'account:read:admin'

-- Note: These are the minimum permissions required for Zoom compliance plugin access

- Click Done when all scopes are added

- Click Continue

- Click Activate your app

- New app setup is now complete

- Use the Account ID, Client ID, and Client Secret in the Tenable scan setup

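Before handing the three values to the scanner, the credential can be checked for the two scopes the post lists and for anything granted beyond them. The following is an added example, not Tenable's or Zoom's code: the token endpoint, the `account_credentials` grant and the space-separated `scope` response field follow Zoom's Server-to-Server OAuth documentation rather than the post, and the function names and sample response are constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: Zoom's documented Server-to-Server OAuth token endpoint.
TOKEN_URL = "https://zoom.us/oauth/token"
# The minimum scopes named in the post.
REQUIRED_SCOPES = {"account:master", "account:read:admin"}


def build_token_request(account_id, client_id, client_secret):
    """Build the token request for the new app (nothing is sent here)."""
    query = urllib.parse.urlencode(
        {"grant_type": "account_credentials", "account_id": account_id})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"{TOKEN_URL}?{query}", data=b"", method="POST",
        headers={"Authorization": f"Basic {basic}"})


def check_scopes(token_response):
    """Compare the scopes granted to the token with the two the post requires."""
    granted = set(token_response.get("scope", "").split())
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),  # audit would lack data
        "extra": sorted(granted - REQUIRED_SCOPES),    # beyond least privilege
        "ok": REQUIRED_SCOPES <= granted,
    }


def verify_credential(account_id, client_id, client_secret):
    """Live check: request a token and report its scopes (needs network)."""
    req = build_token_request(account_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return check_scopes(json.load(resp))


# Constructed sample response; the token value is a placeholder and the
# third scope is included only to show how an over-broad grant is reported.
SAMPLE = {"access_token": "PLACEHOLDER", "token_type": "bearer",
          "expires_in": 3599,
          "scope": "account:master account:read:admin user:read:admin"}

if __name__ == "__main__":
    print(check_scopes(SAMPLE))
```

A non-empty `extra` list means the app was given more than the scan needs and can be trimmed on the app's Scopes page.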