docs: Comment conditions on each test

2024-06-12 12:24:25 -05:00
parent cf7fbadbe7
commit 10471b4683
21 changed files with 370 additions and 75 deletions
--- a/source/tests/Test-RestrictExternalSharing.ps1
+++ b/source/tests/Test-RestrictExternalSharing.ps1
@@ -7,6 +7,24 @@ function Test-RestrictExternalSharing {
    )

    begin {
+    <#
+        Conditions for 7.2.3 (L1) Ensure external content sharing is restricted
+
+        Validate test for a pass:
+        - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+        - Specific conditions to check:
+        - Condition A: The SharingCapability is set to "ExternalUserSharingOnly" or more restrictive in the SharePoint admin center.
+        - Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly", or "Disabled".
+        - Condition C: The external sharing settings in SharePoint Online and OneDrive are set to the same or a more restrictive level than the organization’s sharing settings.
+
+        Validate test for a fail:
+        - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+        - Specific conditions to check:
+        - Condition A: The SharingCapability is set to "Anyone" or "ExternalUserAndGuestSharing" in the SharePoint admin center.
+        - Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "Anyone" or "ExternalUserAndGuestSharing".
+        - Condition C: The external sharing settings in SharePoint Online and OneDrive are set to a more permissive level than the organization’s sharing settings.
+    #>
+
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
@@ -22,6 +40,7 @@ function Test-RestrictExternalSharing {
            $isRestricted = $SPOTenantSharingCapability.SharingCapability -in @('ExternalUserSharingOnly', 'ExistingExternalUserSharingOnly', 'Disabled')

            # Prepare failure reasons and details based on compliance
+            # Condition B: Using PowerShell, the SharingCapability property for the SharePoint tenant is set to "ExternalUserSharingOnly", "ExistingExternalUserSharingOnly", or "Disabled".
            $failureReasons = if (-not $isRestricted) {
                "External content sharing is not adequately restricted. Current setting: $($SPOTenantSharingCapability.SharingCapability)"
            }
@@ -29,6 +48,8 @@ function Test-RestrictExternalSharing {
                "N/A"
            }

+            # Condition A: The SharingCapability is set to "ExternalUserSharingOnly" or more restrictive in the SharePoint admin center.
+            # Condition C: The external sharing settings in SharePoint Online and OneDrive are set to the same or a more restrictive level than the organization’s sharing settings.
            $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)"

            # Create and populate the CISAuditResult object