Initial Commit

2024-03-25 08:34:43 -05:00
commit 0226b293b5
137 changed files with 9448 additions and 0 deletions
--- a/Controls/Test-AntiPhishingPolicy_2.1.7_E5L1_IG3.ps1
+++ b/Controls/Test-AntiPhishingPolicy_2.1.7_E5L1_IG3.ps1
@@ -0,0 +1,59 @@
+function Test-AntiPhishingPolicy_2.1.7_E5L1_IG3 {
+    [CmdletBinding()]
+    param (
+        # Parameters can be added if needed
+    )
+
+    begin {
+        # Dot source the class script
+        . ".\source\Classes\CISAuditResult.ps1"
+        $auditResults = @()
+    }
+
+    process {
+
+        # Retrieve and validate the anti-phishing policies
+        $antiPhishPolicies = Get-AntiPhishPolicy
+        $validatedPolicies = $antiPhishPolicies | Where-Object {
+            $_.Enabled -eq $true -and
+            $_.PhishThresholdLevel -ge 2 -and
+            $_.EnableMailboxIntelligenceProtection -eq $true -and
+            $_.EnableMailboxIntelligence -eq $true -and
+            $_.EnableSpoofIntelligence -eq $true
+        }
+
+        # Check if there is at least one policy that meets the requirements
+        $isCompliant = $validatedPolicies.Count -gt 0
+
+        # Prepare failure details if policies are not compliant
+        $failureDetails = if (-not $isCompliant) {
+            "No anti-phishing policy is fully compliant with CIS benchmark requirements."
+        } else {
+            "Compliant Anti-Phish Policy Names: " + ($validatedPolicies.Name -join ', ')
+        }
+
+        # Create an instance of CISAuditResult and populate it
+        $auditResult = [CISAuditResult]::new()
+        $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" }
+        $auditResult.ELevel = "E5"
+        $auditResult.Profile = "L1"
+        $auditResult.Rec = "2.1.7"
+        $auditResult.RecDescription = "Ensure that an anti-phishing policy has been created"
+        $auditResult.CISControlVer = "v8"
+        $auditResult.CISControl = "9.7"
+        $auditResult.CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections"
+        $auditResult.IG1 = $false
+        $auditResult.IG2 = $false
+        $auditResult.IG3 = $true
+        $auditResult.Result = $isCompliant
+        $auditResult.Details = $failureDetails
+        $auditResult.FailureReason = if (-not $isCompliant) { "Anti-phishing policies do not meet CIS benchmark requirements." } else { "N/A" }
+
+        $auditResults += $auditResult
+    }
+
+    end {
+        # Return auditResults
+        return $auditResults
+    }
+}