diff --git a/source/Classes/CISAuditResult.ps1 b/source/Classes/CISAuditResult.ps1
index 8d04777..2cc80fd 100644
--- a/source/Classes/CISAuditResult.ps1
+++ b/source/Classes/CISAuditResult.ps1
@@ -2,6 +2,8 @@ class CISAuditResult {
 [string]$Status
 [string]$ELevel
 [string]$ProfileLevel
+ [bool]$Automated
+ [string]$Connection
 [string]$Rec
 [string]$RecDescription
 [string]$CISControlVer = 'v8'
diff --git a/source/Private/Initialize-CISAuditResult.ps1 b/source/Private/Initialize-CISAuditResult.ps1
new file mode 100644
index 0000000..6cc1e40
--- /dev/null
+++ b/source/Private/Initialize-CISAuditResult.ps1
@@ -0,0 +1,55 @@
+function Initialize-CISAuditResult {
+ param (
+ [Parameter(Mandatory = $true)]
+ [string]$Rec,
+
+ [Parameter(Mandatory = $true)]
+ [bool]$Result,
+
+ [Parameter(Mandatory = $true)]
+ [string]$Status,
+
+ [Parameter(Mandatory = $true)]
+ [string]$Details,
+
+ [Parameter(Mandatory = $true)]
+ [string]$FailureReason,
+
+ [Parameter(Mandatory = $true)]
+ [string]$RecDescription,
+
+ [Parameter(Mandatory = $true)]
+ [string]$CISControl,
+
+ [Parameter(Mandatory = $true)]
+ [string]$CISDescription
+ )
+
+ # Import the test definitions CSV file
+ $testDefinitionsPath = Join-Path -Path $PSScriptRoot -ChildPath "helper/TestDefinitions.csv"
+ $testDefinitions = Import-Csv -Path $testDefinitionsPath
+
+ # Find the row that matches the provided recommendation (Rec)
+ $testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $Rec }
+
+ # Create an instance of CISAuditResult and populate it
+ $auditResult = [CISAuditResult]::new()
+ $auditResult.Rec = $Rec
+ $auditResult.ELevel = $testDefinition.ELevel
+ $auditResult.ProfileLevel = $testDefinition.ProfileLevel
+ $auditResult.IG1 = [bool]::Parse($testDefinition.IG1)
+ $auditResult.IG2 = [bool]::Parse($testDefinition.IG2)
+ $auditResult.IG3 = [bool]::Parse($testDefinition.IG3)
+ $auditResult.RecDescription = $RecDescription
+ $auditResult.CISControl = $CISControl
+ $auditResult.CISDescription = $CISDescription
+ $auditResult.Automated = [bool]::Parse($testDefinition.Automated)
+ $auditResult.Connection = $testDefinition.Connection
+ $auditResult.CISControlVer = 'v8'
+ $auditResult.Result = $Result
+ $auditResult.Status = $Status
+ $auditResult.Details = $Details
+ $auditResult.FailureReason = $FailureReason
+
+ return $auditResult
+}
diff --git a/source/tests/Test-AdministrativeAccountCompliance.ps1 b/source/tests/Test-AdministrativeAccountCompliance.ps1
index 3e6dce1..66cc0a9 100644
--- a/source/tests/Test-AdministrativeAccountCompliance.ps1
+++ b/source/tests/Test-AdministrativeAccountCompliance.ps1
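Review bot: The row lookup in Initialize-CISAuditResult is never checked, so a `Rec` with no match (or more than one) in TestDefinitions.csv leaves `$testDefinition` empty or an array, and the `[bool]::Parse(...)` calls then throw without saying which recommendation was at fault. For an audit run that means one mistyped `Rec` aborts the check instead of producing a result, so add a guard right after the `Where-Object` line, e.g. `if (@($testDefinition).Count -ne 1) { throw "Expected exactly one TestDefinitions.csv row for Rec '$Rec'" }`. The CSV is also re-read with `Import-Csv` on every call; caching it in a script-scoped variable would avoid that. Separately, `Details` and `FailureReason` are mandatory `[string]` parameters, which PowerShell rejects when empty, so a caller whose `$details` is empty fails at parameter binding unless `[AllowEmptyString()]` is added.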
@@ -4,10 +4,12 @@ function Test-AdministrativeAccountCompliance {
 # Aligned
 # Parameters can be added if needed
 )
+
 begin {
 #. .\source\Classes\CISAuditResult.ps1
 $validLicenses = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
 }
+
 process {
 $adminRoles = Get-MgRoleManagementDirectoryRoleDefinition | Where-Object { $_.DisplayName -like "*Admin*" }
 $adminRoleUsers = @()
@@ -58,21 +60,23 @@ function Test-AdministrativeAccountCompliance {
 "Compliant Accounts: $($uniqueAdminRoleUsers.Count)"
 }
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($nonCompliantUsers) { 'Fail' } else { 'Pass' }
- $auditResult.ELevel = 'E3'
- $auditResult.ProfileLevel = 'L1'
- $auditResult.Rec = '1.1.1'
- $auditResult.RecDescription = "Ensure Administrative accounts are separate and cloud-only"
- $auditResult.CISControlVer = 'v8'
- $auditResult.CISControl = "5.4"
- $auditResult.CISDescription = "Restrict Administrator Privileges to Dedicated Administrator Accounts"
- $auditResult.IG1 = $true
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.Result = $nonCompliantUsers.Count -eq 0
- $auditResult.Details = $Details
- $auditResult.FailureReason = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | HybridStatus | Missing Licence`n$failureReasons" } else { "N/A" }
+ $result = $nonCompliantUsers.Count -eq 0
+ $status = if ($result) { 'Pass' } else { 'Fail' }
+ $failureReason = if ($nonCompliantUsers) { "Non-compliant accounts: `nUsername | Roles | HybridStatus | Missing Licence`n$failureReasons" } else { "N/A" }
+
+ # Create the parameter splat
+ $params = @{
+ Rec = "1.1.1"
+ Result = $result
+ Status = $status
+ Details = $details
+ FailureReason = $failureReason
+ RecDescription = "Ensure Administrative accounts are separate and cloud-only"
+ CISControl = "5.4"
+ CISDescription = "Restrict Administrator Privileges to Dedicated Administrator Accounts"
+ }
+
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-AntiPhishingPolicy.ps1 b/source/tests/Test-AntiPhishingPolicy.ps1
index 4b669db..a9b26e8 100644
--- a/source/tests/Test-AntiPhishingPolicy.ps1
+++ b/source/tests/Test-AntiPhishingPolicy.ps1
@@ -40,7 +40,8 @@ function Test-AntiPhishingPolicy {
 $nonCompliantNames = $nonCompliantItems | ForEach-Object { $_.Name }
 $failureReasons = if ($nonCompliantNames.Count -gt 0) {
 "Reason: Does not meet one or more compliance criteria.`nNon-compliant Policies:`n" + ($nonCompliantNames -join "`n")
- } else {
+ }
+ else {
 "N/A"
 }
@@ -58,27 +59,24 @@ function Test-AntiPhishingPolicy {
 "Compliant Items: $($compliantItems.Count)"
 }
- # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" }
- $auditResult.ELevel = 'E5' # Modify as needed
- $auditResult.ProfileLevel = 'L1' # Modify as needed
- $auditResult.Rec = '2.1.7' # Modify as needed
- $auditResult.RecDescription = "Ensure that an anti-phishing policy has been created" # Modify as needed
- $auditResult.CISControlVer = 'v8' # Modify as needed
- $auditResult.CISControl = "9.7" # Modify as needed
- $auditResult.CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections" # Modify as needed
- $auditResult.IG1 = $false # Modify as needed
- $auditResult.IG2 = $false # Modify as needed
- $auditResult.IG3 = $true # Modify as needed
- $auditResult.Result = $nonCompliantItems.Count -eq 0
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ # Parameter splat for Initialize-CISAuditResult function
+ $params = @{
+ Rec = "2.1.7"
+ Result = $nonCompliantItems.Count -eq 0
+ Status = if ($isCompliant) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure that an anti-phishing policy has been created"
+ CISControl = "9.7"
+ CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections"
+ }
+ # Create and populate the CISAuditResult object
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
- # Return auditResults
+ # Return auditResult
 return $auditResult
 }
 }
diff --git a/source/tests/Test-AuditDisabledFalse.ps1 b/source/tests/Test-AuditDisabledFalse.ps1
index 1ba0362..69e09d6 100644
--- a/source/tests/Test-AuditDisabledFalse.ps1
+++ b/source/tests/Test-AuditDisabledFalse.ps1
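Review bot: `Result` and `Status` in the new `$params` splat come from two different expressions (`$nonCompliantItems.Count -eq 0` and `$isCompliant`), and Initialize-CISAuditResult stores both without checking that they agree. If the two ever diverge, a report filtered on one field shows a pass while the other records a fail. Decide which expression is the intended verdict, compute it once and derive the label from it, as the Test-AdministrativeAccountCompliance hunk does: `$result = $nonCompliantItems.Count -eq 0` followed by `Status = if ($result) { "Pass" } else { "Fail" }`. The Test-GlobalAdminsCount and Test-MailTipsEnabled hunks write their compound condition out twice, once per field, and would benefit from the same change. How `$isCompliant` is set lies outside this hunk.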
@@ -34,21 +34,17 @@ function Test-AuditDisabledFalse {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($auditNotDisabled) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.Rec = "6.1.1"
- $auditResult.RecDescription = "Ensure 'AuditDisabled' organizationally is set to 'False'"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "8.2"
- $auditResult.CISDescription = "Collect Audit Logs"
- $auditResult.IG1 = $true
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.Result = $auditNotDisabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ $params = @{
+ Rec = "6.1.1"
+ Result = $auditNotDisabled
+ Status = if ($auditNotDisabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure 'AuditDisabled' organizationally is set to 'False'"
+ CISControl = "8.2"
+ CISDescription = "Collect Audit Logs"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-AuditLogSearch.ps1 b/source/tests/Test-AuditLogSearch.ps1
index 48a0c91..f1c51fe 100644
--- a/source/tests/Test-AuditLogSearch.ps1
+++ b/source/tests/Test-AuditLogSearch.ps1
@@ -34,21 +34,18 @@ function Test-AuditLogSearch {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($auditLogResult) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.Rec = "3.1.1"
- $auditResult.RecDescription = "Ensure Microsoft 365 audit log search is Enabled"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "8.2"
- $auditResult.CISDescription = "Collect Audit Logs"
- $auditResult.IG1 = $true
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.Result = $auditLogResult
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ $params = @{
+ Rec = "3.1.1"
+ Result = $auditLogResult
+ Status = if ($auditLogResult) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure Microsoft 365 audit log search is Enabled"
+ CISControl = "8.2"
+ CISDescription = "Collect Audit Logs"
+ }
+ $auditResult = Initialize-CISAuditResult @params
+
 }
 end {
diff --git a/source/tests/Test-BlockChannelEmails.ps1 b/source/tests/Test-BlockChannelEmails.ps1
index f69a5c0..917f1b2 100644
--- a/source/tests/Test-BlockChannelEmails.ps1
+++ b/source/tests/Test-BlockChannelEmails.ps1
@@ -34,21 +34,17 @@ function Test-BlockChannelEmails {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # This control is explicitly not mapped as per the image provided
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.Rec = "8.1.2"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $false # Set based on the benchmark
- $auditResult.IG2 = $false # Set based on the benchmark
- $auditResult.IG3 = $false # Set based on the benchmark
- $auditResult.RecDescription = "Ensure users can't send emails to a channel email address"
- $auditResult.Result = -not $allowEmailIntoChannel
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "8.1.2"
+ Result = -not $allowEmailIntoChannel
+ Status = if (-not $allowEmailIntoChannel) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure users can't send emails to a channel email address"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-BlockMailForwarding.ps1 b/source/tests/Test-BlockMailForwarding.ps1
index f00377d..c7a25a4 100644
--- a/source/tests/Test-BlockMailForwarding.ps1
+++ b/source/tests/Test-BlockMailForwarding.ps1
@@ -35,22 +35,17 @@ function Test-BlockMailForwarding {
 "Step 1: No forwarding rules found. Please proceed with Step 2 described in CIS Benchmark."
 }
- # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Rec = "6.2.1"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Explicitly Not Mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $false
- $auditResult.IG3 = $false
- $auditResult.RecDescription = "Ensure all forms of mail forwarding are blocked and/or disabled"
- $auditResult.Result = $forwardingBlocked
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($forwardingBlocked) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "6.2.1"
+ Result = $forwardingBlocked
+ Status = if ($forwardingBlocked) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure all forms of mail forwarding are blocked and/or disabled"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-BlockSharedMailboxSignIn.ps1 b/source/tests/Test-BlockSharedMailboxSignIn.ps1
index 958d434..e3da822 100644
--- a/source/tests/Test-BlockSharedMailboxSignIn.ps1
+++ b/source/tests/Test-BlockSharedMailboxSignIn.ps1
@@ -36,21 +36,17 @@ function Test-BlockSharedMailboxSignIn {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Control is explicitly not mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.Rec = "1.2.2"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $false # Control is not mapped, hence IG1 is false
- $auditResult.IG2 = $false # Control is not mapped, hence IG2 is false
- $auditResult.IG3 = $false # Control is not mapped, hence IG3 is false
- $auditResult.RecDescription = "Ensure sign-in to shared mailboxes is blocked"
- $auditResult.Result = $allBlocked
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($allBlocked) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "1.2.2"
+ Result = $allBlocked
+ Status = if ($allBlocked) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure sign-in to shared mailboxes is blocked"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-CommonAttachmentFilter.ps1 b/source/tests/Test-CommonAttachmentFilter.ps1
index 5d4e356..7229291 100644
--- a/source/tests/Test-CommonAttachmentFilter.ps1
+++ b/source/tests/Test-CommonAttachmentFilter.ps1
@@ -34,21 +34,17 @@ function Test-CommonAttachmentFilter {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($result) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.Rec = "2.1.2"
- $auditResult.RecDescription = "Ensure the Common Attachment Types Filter is enabled"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "9.6"
- $auditResult.CISDescription = "Block Unnecessary File Types"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.Result = $result
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ $params = @{
+ Rec = "2.1.2"
+ Result = $result
+ Status = if ($result) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure the Common Attachment Types Filter is enabled"
+ CISControl = "9.6"
+ CISDescription = "Block Unnecessary File Types"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-CustomerLockbox.ps1 b/source/tests/Test-CustomerLockbox.ps1
index 2404203..b5e418b 100644
--- a/source/tests/Test-CustomerLockbox.ps1
+++ b/source/tests/Test-CustomerLockbox.ps1
@@ -33,22 +33,18 @@ function Test-CustomerLockbox {
 "Customer Lockbox Enabled: False"
 }
- # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($customerLockboxEnabled) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E5"
- $auditResult.ProfileLevel = "L2"
- $auditResult.Rec = "1.3.6"
- $auditResult.RecDescription = "Ensure the customer lockbox feature is enabled"
- $auditResult.CISControlVer = 'v8'
- $auditResult.CISControl = "0.0" # As per the snapshot provided, this is explicitly not mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $false
- $auditResult.IG3 = $false
- $auditResult.Result = $customerLockboxEnabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ # Create and populate the CISAuditResult object #
+ $params = @{
+ Rec = "1.3.6"
+ Result = $customerLockboxEnabled
+ Status = if ($customerLockboxEnabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure the customer lockbox feature is enabled"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-DialInBypassLobby.ps1 b/source/tests/Test-DialInBypassLobby.ps1
index 0d3eefb..f2ec463 100644
--- a/source/tests/Test-DialInBypassLobby.ps1
+++ b/source/tests/Test-DialInBypassLobby.ps1
@@ -34,21 +34,17 @@ function Test-DialInBypassLobby {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Explicitly Not Mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.Rec = "8.5.4"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $false # Set based on the CIS Controls image
- $auditResult.IG2 = $false # Set based on the CIS Controls image
- $auditResult.IG3 = $false # Set based on the CIS Controls image
- $auditResult.RecDescription = "Ensure users dialing in can't bypass the lobby"
- $auditResult.Result = $PSTNBypassDisabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "8.5.4"
+ Result = $PSTNBypassDisabled
+ Status = if ($PSTNBypassDisabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure users dialing in can't bypass the lobby"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-DisallowInfectedFilesDownload.ps1 b/source/tests/Test-DisallowInfectedFilesDownload.ps1
index 67778fc..865e22e 100644
--- a/source/tests/Test-DisallowInfectedFilesDownload.ps1
+++ b/source/tests/Test-DisallowInfectedFilesDownload.ps1
@@ -35,21 +35,18 @@ function Test-DisallowInfectedFilesDownload {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "10.1"
- $auditResult.CISDescription = "Deploy and Maintain Anti-Malware Software"
- $auditResult.Rec = "7.3.1"
- $auditResult.ELevel = "E5"
- $auditResult.ProfileLevel = "L2"
- $auditResult.IG1 = $true
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.RecDescription = "Ensure Office 365 SharePoint infected files are disallowed for download"
- $auditResult.Result = $isDisallowInfectedFileDownloadEnabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "7.3.1"
+ Result = $isDisallowInfectedFileDownloadEnabled
+ Status = if ($isDisallowInfectedFileDownloadEnabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure Office 365 SharePoint infected files are disallowed for download"
+ CISControl = "10.1"
+ CISDescription = "Deploy and Maintain Anti-Malware Software"
+ }
+ $auditResult = Initialize-CISAuditResult @params
+
 }
 end {
diff --git a/source/tests/Test-EnableDKIM.ps1 b/source/tests/Test-EnableDKIM.ps1
index 607fad2..806a862 100644
--- a/source/tests/Test-EnableDKIM.ps1
+++ b/source/tests/Test-EnableDKIM.ps1
@@ -35,21 +35,17 @@ function Test-EnableDKIM {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($dkimResult) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.Rec = "2.1.9"
- $auditResult.RecDescription = "Ensure that DKIM is enabled for all Exchange Online Domains"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "9.5"
- $auditResult.CISDescription = "Implement DMARC"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.Result = $dkimResult
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ $params = @{
+ Rec = "2.1.9"
+ Result = $dkimResult
+ Status = if ($dkimResult) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure that DKIM is enabled for all Exchange Online Domains"
+ CISControl = "9.5"
+ CISDescription = "Implement DMARC"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-ExternalNoControl.ps1 b/source/tests/Test-ExternalNoControl.ps1
index 1fe7e7c..bf9c814 100644
--- a/source/tests/Test-ExternalNoControl.ps1
+++ b/source/tests/Test-ExternalNoControl.ps1
@@ -35,21 +35,17 @@ function Test-ExternalNoControl {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Explicitly Not Mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.Rec = "8.5.7"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $false # Set based on the CIS Controls image
- $auditResult.IG2 = $false # Set based on the CIS Controls image
- $auditResult.IG3 = $false # Set based on the CIS Controls image
- $auditResult.RecDescription = "Ensure external participants can't give or request control"
- $auditResult.Result = $externalControlRestricted
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($externalControlRestricted) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "8.5.7"
+ Result = $externalControlRestricted
+ Status = if ($externalControlRestricted) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure external participants can't give or request control"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1
index b37e8de..abc4d00 100644
--- a/source/tests/Test-ExternalSharingCalendars.ps1
+++ b/source/tests/Test-ExternalSharingCalendars.ps1
@@ -44,21 +44,17 @@ function Test-ExternalSharingCalendars {
 }
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Rec = "1.3.3"
- $auditResult.RecDescription = "Ensure 'External sharing' of calendars is not available"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L2"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "4.8"
- $auditResult.CISDescription = "Uninstall or Disable Unnecessary Services on Enterprise Assets and Software"
- $auditResult.Result = $isExternalSharingDisabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "1.3.3"
+ Result = $isExternalSharingDisabled
+ Status = if ($isExternalSharingDisabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure 'External sharing' of calendars is not available"
+ CISControl = "4.8"
+ CISDescription = "Uninstall or Disable Unnecessary Services on Enterprise Assets and Software"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-GlobalAdminsCount.ps1 b/source/tests/Test-GlobalAdminsCount.ps1
index a01089a..1a77c34 100644
--- a/source/tests/Test-GlobalAdminsCount.ps1
+++ b/source/tests/Test-GlobalAdminsCount.ps1
@@ -35,21 +35,17 @@ function Test-GlobalAdminsCount {
 $details = "Count: $globalAdminCount; Users: $globalAdminUsernames"
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "5.1"
- $auditResult.CISDescription = "Establish and Maintain an Inventory of Accounts"
- $auditResult.Rec = "1.1.3"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $true
- $auditResult.IG2 = $true
- $auditResult.IG3 = $true
- $auditResult.RecDescription = "Ensure that between two and four global admins are designated"
- $auditResult.Result = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "1.1.3"
+ Result = $globalAdminCount -ge 2 -and $globalAdminCount -le 4
+ Status = if ($globalAdminCount -ge 2 -and $globalAdminCount -le 4) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure that between two and four global admins are designated"
+ CISControl = "5.1"
+ CISDescription = "Establish and Maintain an Inventory of Accounts"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-GuestAccessExpiration.ps1 b/source/tests/Test-GuestAccessExpiration.ps1
index db002a1..2c2ca16 100644
--- a/source/tests/Test-GuestAccessExpiration.ps1
+++ b/source/tests/Test-GuestAccessExpiration.ps1
@@ -30,21 +30,17 @@ function Test-GuestAccessExpiration {
 $details = "ExternalUserExpirationRequired: $($SPOTenantGuestAccess.ExternalUserExpirationRequired); ExternalUserExpireInDays: $($SPOTenantGuestAccess.ExternalUserExpireInDays)"
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Explicitly Not Mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.Rec = "7.2.9"
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $false
- $auditResult.IG3 = $false
- $auditResult.RecDescription = "Ensure guest access to a site or OneDrive will expire automatically"
- $auditResult.Result = $isGuestAccessExpirationConfiguredCorrectly
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
- $auditResult.Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
+ $params = @{
+ Rec = "7.2.9"
+ Result = $isGuestAccessExpirationConfiguredCorrectly
+ Status = if ($isGuestAccessExpirationConfiguredCorrectly) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure guest access to a site or OneDrive will expire automatically"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-GuestUsersBiweeklyReview.ps1 b/source/tests/Test-GuestUsersBiweeklyReview.ps1
index 64bd6c9..e25e462 100644
--- a/source/tests/Test-GuestUsersBiweeklyReview.ps1
+++ b/source/tests/Test-GuestUsersBiweeklyReview.ps1
@@ -15,51 +15,39 @@ function Test-GuestUsersBiweeklyReview { process { # 1.1.4 (L1) Ensure Guest Users are reviewed at least biweekly - try { - # Retrieve guest users from Microsoft Graph - # Connect-MgGraph -Scopes "User.Read.All" - $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'" - # Prepare failure reasons and details based on compliance - $failureReasons = if ($guestUsers) { - "Guest users present: $($guestUsers.Count)" - } - else { - "N/A" - } + # Retrieve guest users from Microsoft Graph + # Connect-MgGraph -Scopes "User.Read.All" + $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'" - $details = if ($guestUsers) { - $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType" - "Manual review required. To list guest users, run: `"$auditCommand`"." - } - else { - "No guest users found." - } - - # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControl = "5.1, 5.3" - $auditResult.CISDescription = "Establish and Maintain an Inventory of Accounts, Disable Dormant Accounts" - $auditResult.Rec = "1.1.4" - $auditResult.RecDescription = "Ensure Guest Users are reviewed at least biweekly" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.CISControlVer = 'v8' - $auditResult.Result = -not $guestUsers - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($guestUsers) { "Fail" } else { "Pass" } + # Prepare failure reasons and details based on compliance + $failureReasons = if ($guestUsers) { + "Guest users present: $($guestUsers.Count)" } - catch { - $auditResult = [CISAuditResult]::new() - $auditResult.Status = "Error" - $auditResult.Result = $false - $auditResult.Details = "Error while attempting to check guest users. 
Error message: $($_.Exception.Message)" - $auditResult.FailureReason = "An error occurred during the audit check." + else { + "N/A" } + + $details = if ($guestUsers) { + $auditCommand = "Get-MgUser -All -Property UserType,UserPrincipalName | Where {`$_.UserType -ne 'Member'} | Format-Table UserPrincipalName, UserType" + "Manual review required. To list guest users, run: `"$auditCommand`"." + } + else { + "No guest users found." + } + + # Create and populate the CISAuditResult object + $params = @{ + Rec = "1.1.4" + Result = -not $guestUsers + Status = if ($guestUsers) { "Fail" } else { "Pass" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure Guest Users are reviewed at least biweekly" + CISControl = "5.1, 5.3" + CISDescription = "Establish and Maintain an Inventory of Accounts, Disable Dormant Accounts" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-IdentifyExternalEmail.ps1 b/source/tests/Test-IdentifyExternalEmail.ps1 index a876c7d..784c048 100644 --- a/source/tests/Test-IdentifyExternalEmail.ps1 +++ b/source/tests/Test-IdentifyExternalEmail.ps1 
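Review bot: Removing the `try`/`catch` around `Get-MgUser` lets this check fail open: if the Graph call yields nothing because of a non-terminating error, `$guestUsers` is empty, `Result = -not $guestUsers` evaluates to `$true`, and the audit records Pass with "No guest users found." The removed code at least recorded `Status = "Error"` with `Result = $false` when the call threw. Keep an error path, add `-ErrorAction Stop` so non-terminating errors reach it as well, and build the error result through Initialize-CISAuditResult so it still carries the recommendation metadata. The function's signature and its `end` block body are outside this hunk.

```powershell
try {
    $guestUsers = Get-MgUser -All -Filter "UserType eq 'Guest'" -ErrorAction Stop
    # … unchanged: $failureReasons, $details and the $params splat …
    $auditResult = Initialize-CISAuditResult @params
}
catch {
    # An unreachable or unauthorised Graph call must never be reported as Pass
    $params = @{
        Rec            = "1.1.4"
        Result         = $false
        Status         = "Error"
        Details        = "Error while attempting to check guest users. Error message: $($_.Exception.Message)"
        FailureReason  = "An error occurred during the audit check."
        RecDescription = "Ensure Guest Users are reviewed at least biweekly"
        CISControl     = "5.1, 5.3"
        CISDescription = "Establish and Maintain an Inventory of Accounts, Disable Dormant Accounts"
    }
    $auditResult = Initialize-CISAuditResult @params
}
```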
@@ -30,21 +30,17 @@ function Test-IdentifyExternalEmail {
 $details = "Enabled: $($externalTaggingEnabled); AllowList: $($externalInOutlook.AllowList)"
 # Create and populate the CISAuditResult object
- $auditResult = [CISAuditResult]::new()
- $auditResult.Status = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
- $auditResult.ELevel = "E3"
- $auditResult.ProfileLevel = "L1"
- $auditResult.Rec = "6.2.3"
- $auditResult.RecDescription = "Ensure email from external senders is identified"
- $auditResult.CISControlVer = "v8"
- $auditResult.CISControl = "0.0" # Explicitly Not Mapped
- $auditResult.CISDescription = "Explicitly Not Mapped"
- $auditResult.IG1 = $false
- $auditResult.IG2 = $false
- $auditResult.IG3 = $false
- $auditResult.Result = $externalTaggingEnabled
- $auditResult.Details = $details
- $auditResult.FailureReason = $failureReasons
+ $params = @{
+ Rec = "6.2.3"
+ Result = $externalTaggingEnabled
+ Status = if ($externalTaggingEnabled) { "Pass" } else { "Fail" }
+ Details = $details
+ FailureReason = $failureReasons
+ RecDescription = "Ensure email from external senders is identified"
+ CISControl = "0.0"
+ CISDescription = "Explicitly Not Mapped"
+ }
+ $auditResult = Initialize-CISAuditResult @params
 }
 end {
diff --git a/source/tests/Test-LinkSharingRestrictions.ps1 b/source/tests/Test-LinkSharingRestrictions.ps1
index a2bcaba..8f1f142 100644
--- a/source/tests/Test-LinkSharingRestrictions.ps1
+++ b/source/tests/Test-LinkSharingRestrictions.ps1
@@ -30,21 +30,17 @@ function Test-LinkSharingRestrictions { $details = "DefaultSharingLinkType: $($SPOTenantLinkSharing.DefaultSharingLinkType)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "7.2.7" - $auditResult.RecDescription = "Ensure link sharing is restricted in SharePoint and OneDrive" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $isLinkSharingRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.2.7" + Result = $isLinkSharingRestricted + Status = if ($isLinkSharingRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure link sharing is restricted in SharePoint and OneDrive" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-MailTipsEnabled.ps1 b/source/tests/Test-MailTipsEnabled.ps1 index 410a066..bfa8475 100644 --- a/source/tests/Test-MailTipsEnabled.ps1 +++ b/source/tests/Test-MailTipsEnabled.ps1 
@@ -37,20 +37,17 @@ function Test-MailTipsEnabled { } # Create and populate the CISAuditResult object - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # Explicitly Not Mapped - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "6.5.2" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.RecDescription = "Ensure MailTips are enabled for end users" - $auditResult.Result = $allTipsEnabled -and $externalRecipientsTipsEnabled - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($auditResult.Result) { "Pass" } else { "Fail" } + $params = @{ + Rec = "6.5.2" + Result = $allTipsEnabled -and $externalRecipientsTipsEnabled + Status = if ($allTipsEnabled -and $externalRecipientsTipsEnabled) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure MailTips are enabled for end users" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-MailboxAuditingE3.ps1 b/source/tests/Test-MailboxAuditingE3.ps1 index 186a2f6..68361aa 100644 --- a/source/tests/Test-MailboxAuditingE3.ps1 +++ b/source/tests/Test-MailboxAuditingE3.ps1 
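Review bot: The pass condition `$allTipsEnabled -and $externalRecipientsTipsEnabled` is now written twice, once for `Result` and once for `Status`, where the removed code derived Status from `$auditResult.Result`; a later edit to one copy would let the reported Status disagree with Result. Compute it once before the hashtable, `$isCompliant = $allTipsEnabled -and $externalRecipientsTipsEnabled`, then use `Result = $isCompliant` and `Status = if ($isCompliant) { "Pass" } else { "Fail" }`. The same duplication appears in the second hunks of Test-MailboxAuditingE3 and Test-MailboxAuditingE5 (`$allFailures.Count -eq 0`) and in Test-ManagedApprovedPublicGroups. The removed lines here never created `$auditResult`, so it was presumably instantiated above the hunk; if that line is still present it is now a dead allocation and can be dropped.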
@@ -15,17 +15,6 @@ function Test-MailboxAuditingE3 { $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules") $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MoveToDeletedItems", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules") - $auditResult = [CISAuditResult]::new() - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "6.1.2" - $auditResult.RecDescription = "Ensure mailbox auditing for Office E3 users is Enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "8.2" - $auditResult.CISDescription = "Collect audit logs." - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true $allFailures = @() $allUsers = Get-AzureADUser -All $true @@ -82,10 +71,17 @@ function Test-MailboxAuditingE3 { $details = if ($allFailures.Count -eq 0) { "All Office E3 users have correct mailbox audit settings." } else { $allFailures -join " | " } # Populate the audit result - $auditResult.Result = $allFailures.Count -eq 0 - $auditResult.Status = if ($auditResult.Result) { "Pass" } else { "Fail" } - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "6.1.2" + Result = $allFailures.Count -eq 0 + Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure mailbox auditing for Office E3 users is Enabled" + CISControl = "8.2" + CISDescription = "Collect audit logs." + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-MailboxAuditingE5.ps1 b/source/tests/Test-MailboxAuditingE5.ps1 index aab4538..c4c3dc4 100644 --- a/source/tests/Test-MailboxAuditingE5.ps1 +++ b/source/tests/Test-MailboxAuditingE5.ps1 
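Review bot: `$auditResult` is now assigned only by the `Initialize-CISAuditResult @params` call at the end of this block, while the first hunk removes the instance that used to exist before `Get-AzureADUser -All $true` and the per-user checks ran. The code between the two hunks and the body of `end` are outside the diff, so this cannot be confirmed from here, but any path that catches an error or leaves early would now reach `end` with `$auditResult` unset, and the 6.1.2 row would be missing from the report rather than marked as failed. It is worth confirming that every exit path builds a result, for instance an error path that calls the helper with `Result = $false` and `Status = "Fail"`, and adding a comment above `$params` such as `# Result object is built last; error paths must build their own failing result`. Test-MailboxAuditingE5 has the same shape.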
@@ -15,17 +15,7 @@ function Test-MailboxAuditingE5 { $DelegateActions = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateInboxRules") $OwnerActions = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "Move", "MailItemsAccessed", "MoveToDeletedItems", "Send", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateInboxRules") - $auditResult = [CISAuditResult]::new() - $auditResult.ELevel = "E5" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "6.1.3" - $auditResult.RecDescription = "Ensure mailbox auditing for Office E5 users is Enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "8.2" - $auditResult.CISDescription = "Collect audit logs." - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true + $allFailures = @() $allUsers = Get-AzureADUser -All $true @@ -87,10 +77,17 @@ function Test-MailboxAuditingE5 { $details = if ($allFailures.Count -eq 0) { "All Office E5 users have correct mailbox audit settings." } else { $allFailures -join " | " } # Populate the audit result - $auditResult.Result = $allFailures.Count -eq 0 - $auditResult.Status = if ($auditResult.Result) { "Pass" } else { "Fail" } - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "6.1.3" + Result = $allFailures.Count -eq 0 + Status = if ($allFailures.Count -eq 0) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure mailbox auditing for Office E5 users is Enabled" + CISControl = "8.2" + CISDescription = "Collect audit logs." + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-ManagedApprovedPublicGroups.ps1 b/source/tests/Test-ManagedApprovedPublicGroups.ps1 index 7039c7e..8a0cf52 100644 
--- a/source/tests/Test-ManagedApprovedPublicGroups.ps1 +++ b/source/tests/Test-ManagedApprovedPublicGroups.ps1 @@ -35,21 +35,17 @@ function Test-ManagedApprovedPublicGroups { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.Rec = "1.2.1" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.RecDescription = "Ensure that only organizationally managed/approved public groups exist" - $auditResult.Result = $null -eq $allGroups -or $allGroups.Count -eq 0 - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($auditResult.Result) { "Pass" } else { "Fail" } + $params = @{ + Rec = "1.2.1" + Result = $null -eq $allGroups -or $allGroups.Count -eq 0 + Status = if ($null -eq $allGroups -or $allGroups.Count -eq 0) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure that only organizationally managed/approved public groups exist" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-MeetingChatNoAnonymous.ps1 b/source/tests/Test-MeetingChatNoAnonymous.ps1 index 5a6035a..67d1b84 100644 --- a/source/tests/Test-MeetingChatNoAnonymous.ps1 +++ b/source/tests/Test-MeetingChatNoAnonymous.ps1 
@@ -31,21 +31,17 @@ function Test-MeetingChatNoAnonymous { $details = "MeetingChatEnabledType is set to $($CsTeamsMeetingPolicyChat.MeetingChatEnabledType)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # Explicitly Not Mapped as per the image provided - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "8.5.5" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $false # Set based on the CIS Controls image - $auditResult.RecDescription = "Ensure meeting chat does not allow anonymous users" - $auditResult.Result = $chatAnonDisabled - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($chatAnonDisabled) { "Pass" } else { "Fail" } + $params = @{ + Rec = "8.5.5" + Result = $chatAnonDisabled + Status = if ($chatAnonDisabled) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure meeting chat does not allow anonymous users" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-ModernAuthExchangeOnline.ps1 b/source/tests/Test-ModernAuthExchangeOnline.ps1 index 768788c..da2df32 100644 --- a/source/tests/Test-ModernAuthExchangeOnline.ps1 +++ b/source/tests/Test-ModernAuthExchangeOnline.ps1 
@@ -29,21 +29,17 @@ function Test-ModernAuthExchangeOnline { $details = "OAuth2ClientProfileEnabled: $($orgConfig.OAuth2ClientProfileEnabled) for Organization: $($orgConfig.Name)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.10" - $auditResult.CISDescription = "Encrypt Sensitive Data in Transit" - $auditResult.IG1 = $false # As per CIS Control v8 mapping for IG1 - $auditResult.IG2 = $true # As per CIS Control v8 mapping for IG2 - $auditResult.IG3 = $true # As per CIS Control v8 mapping for IG3 - $auditResult.ELevel = "E3" # Based on your environment (E3, E5, etc.) - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "6.5.1" - $auditResult.RecDescription = "Ensure modern authentication for Exchange Online is enabled (Automated)" - $auditResult.Result = $orgConfig.OAuth2ClientProfileEnabled - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" } + $params = @{ + Rec = "6.5.1" + Result = $orgConfig.OAuth2ClientProfileEnabled + Status = if ($orgConfig.OAuth2ClientProfileEnabled) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure modern authentication for Exchange Online is enabled (Automated)" + CISControl = "3.10" + CISDescription = "Encrypt Sensitive Data in Transit" + } + $auditResult = Initialize-CISAuditResult @params } catch { diff --git a/source/tests/Test-ModernAuthSharePoint.ps1 b/source/tests/Test-ModernAuthSharePoint.ps1 index 7f9f60e..c8c06a0 100644 --- a/source/tests/Test-ModernAuthSharePoint.ps1 +++ b/source/tests/Test-ModernAuthSharePoint.ps1 
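Review bot: `Result = $orgConfig.OAuth2ClientProfileEnabled` hands the raw property to the helper's mandatory `[bool]$Result` parameter, and PowerShell parameter binding for `[bool]` is stricter than the property assignment it replaces: a value that is neither Boolean nor numeric is a binding error rather than a coercion. If `$orgConfig` comes back empty or the property is not a true Boolean, the call is likely to throw inside the `try`, and control passes to the `catch` that opens on the hunk's last line, whose body is outside the diff. Normalising once, `$isEnabled = $orgConfig.OAuth2ClientProfileEnabled -eq $true`, and using `$isEnabled` for both `Result` and `Status` makes the check fail closed and keeps the two fields in agreement. The hunks that pass a variable computed above the hunk, for example `$result` in Test-NotifyMalwareInternal and `$hashSyncResult` in Test-PasswordHashSync, deserve the same look.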
@@ -27,21 +27,17 @@ function Test-ModernAuthSharePoint { $details = "LegacyAuthProtocolsEnabled: $($SPOTenant.LegacyAuthProtocolsEnabled)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.10" - $auditResult.CISDescription = "Encrypt Sensitive Data in Transit" - $auditResult.Rec = "7.2.1" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.IG1 = $false - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.RecDescription = "Modern Authentication for SharePoint Applications" - $auditResult.Result = $modernAuthForSPRequired - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" } + $params = @{ + Rec = "7.2.1" + Result = $modernAuthForSPRequired + Status = if ($modernAuthForSPRequired) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Modern Authentication for SharePoint Applications" + CISControl = "3.10" + CISDescription = "Encrypt Sensitive Data in Transit" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-NoAnonymousMeetingJoin.ps1 b/source/tests/Test-NoAnonymousMeetingJoin.ps1 index af62feb..cb5e42b 100644 --- a/source/tests/Test-NoAnonymousMeetingJoin.ps1 +++ b/source/tests/Test-NoAnonymousMeetingJoin.ps1 
@@ -30,21 +30,17 @@ function Test-NoAnonymousMeetingJoin { $details = "AllowAnonymousUsersToJoinMeeting is set to $allowAnonymousUsersToJoinMeeting" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # The control is Explicitly Not Mapped as per the image provided - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "8.5.1" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $false # Set based on the CIS Controls image - $auditResult.RecDescription = "Ensure anonymous users can't join a meeting" - $auditResult.Result = -not $allowAnonymousUsersToJoinMeeting - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" } + $params = @{ + Rec = "8.5.1" + Result = -not $allowAnonymousUsersToJoinMeeting + Status = if (-not $allowAnonymousUsersToJoinMeeting) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure anonymous users can't join a meeting" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-NoAnonymousMeetingStart.ps1 b/source/tests/Test-NoAnonymousMeetingStart.ps1 index 38a6b2d..c520b05 100644 --- a/source/tests/Test-NoAnonymousMeetingStart.ps1 +++ b/source/tests/Test-NoAnonymousMeetingStart.ps1 
@@ -30,21 +30,17 @@ function Test-NoAnonymousMeetingStart { $details = "AllowAnonymousUsersToStartMeeting is set to $($CsTeamsMeetingPolicyAnonymous.AllowAnonymousUsersToStartMeeting)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # Explicitly Not Mapped as per the image provided - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "8.5.2" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $false # Set based on the CIS Controls image - $auditResult.RecDescription = "Ensure anonymous users and dial-in callers can't start a meeting" - $auditResult.Result = $anonymousStartDisabled - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons - $auditResult.Status = if ($anonymousStartDisabled) { "Pass" } else { "Fail" } + $params = @{ + Rec = "8.5.2" + Result = $anonymousStartDisabled + Status = if ($anonymousStartDisabled) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure anonymous users and dial-in callers can't start a meeting" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-NoWhitelistDomains.ps1 b/source/tests/Test-NoWhitelistDomains.ps1 index 2fb6554..9632762 100644 --- a/source/tests/Test-NoWhitelistDomains.ps1 +++ b/source/tests/Test-NoWhitelistDomains.ps1 
@@ -34,21 +34,17 @@ function Test-NoWhitelistDomains { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($whitelistedRules) { "Fail" } else { "Pass" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "6.2.2" - $auditResult.RecDescription = "Ensure mail transport rules do not whitelist specific domains" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.Result = -not $whitelistedRules - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "6.2.2" + Result = -not $whitelistedRules + Status = if ($whitelistedRules) { "Fail" } else { "Pass" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure mail transport rules do not whitelist specific domains" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-NotifyMalwareInternal.ps1 b/source/tests/Test-NotifyMalwareInternal.ps1 index d198668..3d83262 100644 --- a/source/tests/Test-NotifyMalwareInternal.ps1 +++ b/source/tests/Test-NotifyMalwareInternal.ps1 
@@ -43,21 +43,17 @@ function Test-NotifyMalwareInternal { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($result) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "2.1.3" - $auditResult.RecDescription = "Ensure notifications for internal users sending malware is Enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "17.5" - $auditResult.CISDescription = "Assign Key Roles and Responsibilities" - $auditResult.IG1 = $false - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $result - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "2.1.3" + Result = $result + Status = if ($result) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure notifications for internal users sending malware is Enabled" + CISControl = "17.5" + CISDescription = "Assign Key Roles and Responsibilities" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-OneDriveContentRestrictions.ps1 b/source/tests/Test-OneDriveContentRestrictions.ps1 index 5d52bad..5905619 100644 --- a/source/tests/Test-OneDriveContentRestrictions.ps1 +++ b/source/tests/Test-OneDriveContentRestrictions.ps1 
@@ -34,21 +34,17 @@ function Test-OneDriveContentRestrictions { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "7.2.4" - $auditResult.RecDescription = "Ensure OneDrive content sharing is restricted" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $isOneDriveSharingRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.2.4" + Result = $isOneDriveSharingRestricted + Status = if ($isOneDriveSharingRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure OneDrive content sharing is restricted" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-OneDriveSyncRestrictions.ps1 b/source/tests/Test-OneDriveSyncRestrictions.ps1 index 67be5d3..6b6b95b 100644 --- a/source/tests/Test-OneDriveSyncRestrictions.ps1 +++ b/source/tests/Test-OneDriveSyncRestrictions.ps1 
@@ -34,21 +34,17 @@ function Test-OneDriveSyncRestrictions { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isSyncRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "7.3.2" - $auditResult.RecDescription = "Ensure OneDrive sync is restricted for unmanaged devices" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.Result = $isSyncRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.3.2" + Result = $isSyncRestricted + Status = if ($isSyncRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure OneDrive sync is restricted for unmanaged devices" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-OrgOnlyBypassLobby.ps1 b/source/tests/Test-OrgOnlyBypassLobby.ps1 index 4a2b5be..5fc49e8 100644 --- a/source/tests/Test-OrgOnlyBypassLobby.ps1 +++ b/source/tests/Test-OrgOnlyBypassLobby.ps1 
@@ -36,21 +36,17 @@ function Test-OrgOnlyBypassLobby { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "8.5.3" - $auditResult.RecDescription = "Ensure only people in my org can bypass the lobby" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "6.8" - $auditResult.CISDescription = "Define and Maintain Role-Based Access Control" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $true # Set based on the CIS Controls image - $auditResult.Result = $lobbyBypassRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "8.5.3" + Result = $lobbyBypassRestricted + Status = if ($lobbyBypassRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure only people in my org can bypass the lobby" + CISControl = "6.8" + CISDescription = "Define and Maintain Role-Based Access Control" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-OrganizersPresent.ps1 b/source/tests/Test-OrganizersPresent.ps1 index c47f0d8..b10da1e 100644 --- a/source/tests/Test-OrganizersPresent.ps1 +++ b/source/tests/Test-OrganizersPresent.ps1 
@@ -36,21 +36,17 @@ function Test-OrganizersPresent { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($presenterRoleRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "8.5.6" - $auditResult.RecDescription = "Ensure only organizers and co-organizers can present" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # Explicitly Not Mapped - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $false # Set based on the CIS Controls image - $auditResult.Result = $presenterRoleRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "8.5.6" + Result = $presenterRoleRestricted + Status = if ($presenterRoleRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure only organizers and co-organizers can present" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-PasswordHashSync.ps1 b/source/tests/Test-PasswordHashSync.ps1 index c65ac31..e4ece6c 100644 --- a/source/tests/Test-PasswordHashSync.ps1 +++ b/source/tests/Test-PasswordHashSync.ps1 
@@ -30,21 +30,17 @@ function Test-PasswordHashSync { $details = "OnPremisesSyncEnabled: $($passwordHashSync)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($hashSyncResult) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "5.1.8.1" - $auditResult.RecDescription = "Ensure password hash sync is enabled for hybrid deployments" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "6.7" - $auditResult.CISDescription = "Centralize Access Control" - $auditResult.IG1 = $false - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $hashSyncResult - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "5.1.8.1" + Result = $hashSyncResult + Status = if ($hashSyncResult) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure password hash sync is enabled for hybrid deployments" + CISControl = "6.7" + CISDescription = "Centralize Access Control" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-PasswordNeverExpirePolicy.ps1 b/source/tests/Test-PasswordNeverExpirePolicy.ps1 index 66e039a..c7fc799 100644 --- a/source/tests/Test-PasswordNeverExpirePolicy.ps1 +++ b/source/tests/Test-PasswordNeverExpirePolicy.ps1 
@@ -30,21 +30,17 @@ function Test-PasswordNeverExpirePolicy { $details = "Validity Period: $passwordPolicy days" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "1.3.1" - $auditResult.RecDescription = "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "5.2" - $auditResult.CISDescription = "Use Unique Passwords" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $passwordPolicy -eq 0 - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "1.3.1" + Result = $passwordPolicy -eq 0 + Status = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'" + CISControl = "5.2" + CISDescription = "Use Unique Passwords" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-ReauthWithCode.ps1 b/source/tests/Test-ReauthWithCode.ps1 index 53e600f..ca64432 100644 --- a/source/tests/Test-ReauthWithCode.ps1 +++ b/source/tests/Test-ReauthWithCode.ps1 
@@ -29,21 +29,17 @@ function Test-ReauthWithCode { $details = "EmailAttestationRequired: $($SPOTenantReauthentication.EmailAttestationRequired); EmailAttestationReAuthDays: $($SPOTenantReauthentication.EmailAttestationReAuthDays)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "7.2.10" - $auditResult.RecDescription = "Ensure reauthentication with verification code is restricted" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.Result = $isReauthenticationRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.2.10" + Result = $isReauthenticationRestricted + Status = if ($isReauthenticationRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure reauthentication with verification code is restricted" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-ReportSecurityInTeams.ps1 b/source/tests/Test-ReportSecurityInTeams.ps1 index 479847b..01b3bfb 100644 --- a/source/tests/Test-ReportSecurityInTeams.ps1 +++ b/source/tests/Test-ReportSecurityInTeams.ps1 
@@ -39,21 +39,17 @@ function Test-ReportSecurityInTeams { "ReportChatMessageToCustomizedAddressEnabled: $($ReportSubmissionPolicy.ReportChatMessageToCustomizedAddressEnabled)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($securityReportEnabled) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "8.6.1" - $auditResult.RecDescription = "Ensure users can report security concerns in Teams" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.Result = $securityReportEnabled - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "8.6.1" + Result = $securityReportEnabled + Status = if ($securityReportEnabled) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure users can report security concerns in Teams" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-RestrictCustomScripts.ps1 b/source/tests/Test-RestrictCustomScripts.ps1 index 454be84..7ef723b 100644 --- a/source/tests/Test-RestrictCustomScripts.ps1 +++ b/source/tests/Test-RestrictCustomScripts.ps1 
@@ -44,21 +44,17 @@ function Test-RestrictCustomScripts { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($complianceResult) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "7.3.4" - $auditResult.RecDescription = "Ensure custom script execution is restricted on site collections" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "2.7" - $auditResult.CISDescription = "Allowlist Authorized Scripts" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $true - $auditResult.Result = $complianceResult - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.3.4" + Result = $complianceResult + Status = if ($complianceResult) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure custom script execution is restricted on site collections" + CISControl = "2.7" + CISDescription = "Allowlist Authorized Scripts" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-RestrictExternalSharing.ps1 b/source/tests/Test-RestrictExternalSharing.ps1 index 2034767..20d1107 100644 --- a/source/tests/Test-RestrictExternalSharing.ps1 +++ b/source/tests/Test-RestrictExternalSharing.ps1 
@@ -29,21 +29,17 @@ function Test-RestrictExternalSharing { $details = "SharingCapability: $($SPOTenantSharingCapability.SharingCapability)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "7.2.3" - $auditResult.RecDescription = "Ensure external content sharing is restricted" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $isRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "7.2.3" + Result = $isRestricted + Status = if ($isRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure external content sharing is restricted" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-RestrictOutlookAddins.ps1 b/source/tests/Test-RestrictOutlookAddins.ps1 index 56934ab..1b8d8d1 100644 --- a/source/tests/Test-RestrictOutlookAddins.ps1 +++ b/source/tests/Test-RestrictOutlookAddins.ps1 
@@ -61,21 +61,17 @@ function Test-RestrictOutlookAddins { $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails) # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "6.3.1" - $auditResult.RecDescription = "Ensure users installing Outlook add-ins is not allowed" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "9.4" - $auditResult.CISDescription = "Restrict Unnecessary or Unauthorized Browser and Email Client Extensions" - $auditResult.IG1 = $false - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $isCompliant - $auditResult.Details = $detailsString - $auditResult.FailureReason = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." } + $params = @{ + Rec = "6.3.1" + Result = $isCompliant + Status = if ($isCompliant) { "Pass" } else { "Fail" } + Details = $detailsString + FailureReason = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." } + RecDescription = "Ensure users installing Outlook add-ins is not allowed" + CISControl = "9.4" + CISDescription = "Restrict Unnecessary or Unauthorized Browser and Email Client Extensions" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 index 706c5b6..43dceaf 100644 --- a/source/tests/Test-RestrictStorageProvidersOutlook.ps1 +++ b/source/tests/Test-RestrictStorageProvidersOutlook.ps1 
@@ -37,21 +37,17 @@ function Test-RestrictStorageProvidersOutlook { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($allPoliciesRestricted) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" # Based on your environment - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "6.5.3" - $auditResult.RecDescription = "Ensure additional storage providers are restricted in Outlook on the web" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $allPoliciesRestricted - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "6.5.3" + Result = $allPoliciesRestricted + Status = if ($allPoliciesRestricted) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure additional storage providers are restricted in Outlook on the web" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-RestrictTenantCreation.ps1 b/source/tests/Test-RestrictTenantCreation.ps1 index 969a146..cef19d0 100644 --- a/source/tests/Test-RestrictTenantCreation.ps1 +++ b/source/tests/Test-RestrictTenantCreation.ps1 
@@ -29,21 +29,17 @@ function Test-RestrictTenantCreation { $details = "AllowedToCreateTenants: $($tenantCreationPolicy.AllowedToCreateTenants)" # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($tenantCreationResult) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "5.1.2.3" - $auditResult.RecDescription = "Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.Result = $tenantCreationResult - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "5.1.2.3" + Result = $tenantCreationResult + Status = if ($tenantCreationResult) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SafeAttachmentsPolicy.ps1 b/source/tests/Test-SafeAttachmentsPolicy.ps1 index 7cf285f..0145a94 100644 --- a/source/tests/Test-SafeAttachmentsPolicy.ps1 +++ b/source/tests/Test-SafeAttachmentsPolicy.ps1 
@@ -34,21 +34,17 @@ function Test-SafeAttachmentsPolicy { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($result) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E5" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "2.1.4" - $auditResult.RecDescription = "Ensure Safe Attachments policy is enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "9.7" - $auditResult.CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $true - $auditResult.Result = $result - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "2.1.4" + Result = $result + Status = if ($result) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure Safe Attachments policy is enabled" + CISControl = "9.7" + CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SafeAttachmentsTeams.ps1 b/source/tests/Test-SafeAttachmentsTeams.ps1 index 649de39..a38e87d 100644 --- a/source/tests/Test-SafeAttachmentsTeams.ps1 +++ b/source/tests/Test-SafeAttachmentsTeams.ps1 
@@ -41,21 +41,17 @@ function Test-SafeAttachmentsTeams { } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($result) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E5" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "2.1.5" - $auditResult.RecDescription = "Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "9.7, 10.1" - $auditResult.CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections, Deploy and Maintain Anti-Malware Software" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $result - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "2.1.5" + Result = $result + Status = if ($result) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled" + CISControl = "9.7, 10.1" + CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections, Deploy and Maintain Anti-Malware Software" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SafeLinksOfficeApps.ps1 b/source/tests/Test-SafeLinksOfficeApps.ps1 index 0779515..42dc59f 100644 --- a/source/tests/Test-SafeLinksOfficeApps.ps1 +++ b/source/tests/Test-SafeLinksOfficeApps.ps1 
@@ -48,21 +48,17 @@ function Test-SafeLinksOfficeApps { $failureReasons = if ($result) { "N/A" } else { "The following Safe Links policies settings do not meet the recommended configuration: $($misconfiguredDetails -join ' | ')" } # Create and populate the CISAuditResult object - $auditResult = [CISAuditResult]::new() - $auditResult.Status = if ($result) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E5" - $auditResult.ProfileLevel = "L2" - $auditResult.Rec = "2.1.1" - $auditResult.RecDescription = "Ensure Safe Links for Office Applications is Enabled" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "10.1" - $auditResult.CISDescription = "Deploy and Maintain Anti-Malware Software" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $result - $auditResult.Details = $details - $auditResult.FailureReason = $failureReasons + $params = @{ + Rec = "2.1.1" + Result = $result + Status = if ($result) { "Pass" } else { "Fail" } + Details = $details + FailureReason = $failureReasons + RecDescription = "Ensure Safe Links for Office Applications is Enabled" + CISControl = "10.1" + CISDescription = "Deploy and Maintain Anti-Malware Software" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SharePointAADB2B.ps1 b/source/tests/Test-SharePointAADB2B.ps1 index 49817ce..45937fc 100644 --- a/source/tests/Test-SharePointAADB2B.ps1 +++ b/source/tests/Test-SharePointAADB2B.ps1 
@@ -18,20 +18,17 @@ function Test-SharePointAADB2B { $SPOTenantAzureADB2B = Get-SPOTenant | Select-Object EnableAzureADB2BIntegration # Populate the auditResult object with the required properties - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "7.2.2" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.IG1 = $false - $auditResult.IG2 = $false - $auditResult.IG3 = $false - $auditResult.RecDescription = "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled" - $auditResult.Result = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration - $auditResult.Details = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)" - $auditResult.FailureReason = if (-not $SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Azure AD B2B integration is not enabled" } else { "N/A" } - $auditResult.Status = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" } + $params = @{ + Rec = "7.2.2" + Result = $SPOTenantAzureADB2B.EnableAzureADB2BIntegration + Status = if ($SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Pass" } else { "Fail" } + Details = "EnableAzureADB2BIntegration: $($SPOTenantAzureADB2B.EnableAzureADB2BIntegration)" + FailureReason = if (-not $SPOTenantAzureADB2B.EnableAzureADB2BIntegration) { "Azure AD B2B integration is not enabled" } else { "N/A" } + RecDescription = "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SharePointExternalSharingDomains.ps1 b/source/tests/Test-SharePointExternalSharingDomains.ps1 index 05b65b8..a8a8b4b 100644 --- a/source/tests/Test-SharePointExternalSharingDomains.ps1 +++ b/source/tests/Test-SharePointExternalSharingDomains.ps1 
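Review bot: The removed lines filled an `$auditResult` that already existed (there is no `[CISAuditResult]::new()` among them), while the new last line `$auditResult = Initialize-CISAuditResult @params` replaces that object. The creation site is outside this hunk, presumably earlier in the function; if it is still there it is now dead code and can be dropped. The retained comment `# Populate the auditResult object with the required properties` no longer matches either; something like `# Build the CISAuditResult via Initialize-CISAuditResult (ELevel, ProfileLevel and IG1-IG3 come from the test definitions)` would tell the next reader where the missing fields went. The hunks for Test-SharePointExternalSharingDomains, Test-SharePointGuestsItemSharing, Test-SpamPolicyAdminNotify, Test-TeamsExternalAccess and Test-TeamsExternalFileSharing have the same pattern.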
@@ -19,20 +19,17 @@ function Test-SharePointExternalSharingDomains { $isDomainRestrictionConfigured = $SPOTenant.SharingDomainRestrictionMode -eq 'AllowList' # Populate the auditResult object with the required properties - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.Rec = "7.2.6" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.RecDescription = "Ensure SharePoint external sharing is managed through domain whitelist/blacklists" - $auditResult.Result = $isDomainRestrictionConfigured - $auditResult.Details = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)" - $auditResult.FailureReason = if (-not $isDomainRestrictionConfigured) { "Domain restrictions for SharePoint external sharing are not configured to 'AllowList'. Current setting: $($SPOTenant.SharingDomainRestrictionMode)" } else { "N/A" } - $auditResult.Status = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" } + $params = @{ + Rec = "7.2.6" + Result = $isDomainRestrictionConfigured + Status = if ($isDomainRestrictionConfigured) { "Pass" } else { "Fail" } + Details = "SharingDomainRestrictionMode: $($SPOTenant.SharingDomainRestrictionMode); SharingAllowedDomainList: $($SPOTenant.SharingAllowedDomainList)" + FailureReason = if (-not $isDomainRestrictionConfigured) { "Domain restrictions for SharePoint external sharing are not configured to 'AllowList'. Current setting: $($SPOTenant.SharingDomainRestrictionMode)" } else { "N/A" } + RecDescription = "Ensure SharePoint external sharing is managed through domain whitelist/blacklists" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { 
diff --git a/source/tests/Test-SharePointGuestsItemSharing.ps1 b/source/tests/Test-SharePointGuestsItemSharing.ps1 index bff9180..f429c7c 100644 --- a/source/tests/Test-SharePointGuestsItemSharing.ps1 +++ b/source/tests/Test-SharePointGuestsItemSharing.ps1 @@ -19,20 +19,17 @@ function Test-SharePointGuestsItemSharing { $isGuestResharingPrevented = $SPOTenant.PreventExternalUsersFromResharing # Populate the auditResult object with the required properties - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.Rec = "7.2.5" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $true - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.RecDescription = "Ensure that SharePoint guest users cannot share items they don't own" - $auditResult.Result = $isGuestResharingPrevented - $auditResult.Details = "PreventExternalUsersFromResharing: $isGuestResharingPrevented" - $auditResult.FailureReason = if (-not $isGuestResharingPrevented) { "Guest users can reshare items they don't own." } else { "N/A" } - $auditResult.Status = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" } + $params = @{ + Rec = "7.2.5" + Result = $isGuestResharingPrevented + Status = if ($isGuestResharingPrevented) { "Pass" } else { "Fail" } + Details = "PreventExternalUsersFromResharing: $isGuestResharingPrevented" + FailureReason = if (-not $isGuestResharingPrevented) { "Guest users can reshare items they don't own." } else { "N/A" } + RecDescription = "Ensure that SharePoint guest users cannot share items they don't own" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-SpamPolicyAdminNotify.ps1 b/source/tests/Test-SpamPolicyAdminNotify.ps1 index 4e822ec..4532acd 100644 --- a/source/tests/Test-SpamPolicyAdminNotify.ps1 
+++ b/source/tests/Test-SpamPolicyAdminNotify.ps1 @@ -34,20 +34,17 @@ function Test-SpamPolicyAdminNotify { } # Create an instance of CISAuditResult and populate it - $auditResult.Status = if ($areSettingsEnabled) { "Pass" } else { "Fail" } - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L1" - $auditResult.Rec = "2.1.6" - $auditResult.RecDescription = "Ensure Exchange Online Spam Policies are set to notify administrators" - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "17.5" - $auditResult.CISDescription = "Assign Key Roles and Responsibilities" - $auditResult.IG1 = $false - $auditResult.IG2 = $true - $auditResult.IG3 = $true - $auditResult.Result = $areSettingsEnabled - $auditResult.Details = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' } - $auditResult.FailureReason = if (-not $areSettingsEnabled) { "One or both spam policies are not set to notify administrators." } else { "N/A" } + $params = @{ + Rec = "2.1.6" + Result = $areSettingsEnabled + Status = if ($areSettingsEnabled) { "Pass" } else { "Fail" } + Details = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' } + FailureReason = if (-not $areSettingsEnabled) { "One or both spam policies are not set to notify administrators." } else { "N/A" } + RecDescription = "Ensure Exchange Online Spam Policies are set to notify administrators" + CISControl = "17.5" + CISDescription = "Assign Key Roles and Responsibilities" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-TeamsExternalAccess.ps1 b/source/tests/Test-TeamsExternalAccess.ps1 index 06b98eb..4a2ad40 100644 --- a/source/tests/Test-TeamsExternalAccess.ps1 +++ b/source/tests/Test-TeamsExternalAccess.ps1 
@@ -29,20 +29,17 @@ function Test-TeamsExternalAccess { $isCompliant = -not $externalAccessConfig.AllowTeamsConsumer -and -not $externalAccessConfig.AllowPublicUsers -and (-not $externalAccessConfig.AllowFederatedUsers -or $allowedDomainsLimited) # Create an instance of CISAuditResult and populate it - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "0.0" # The control is Explicitly Not Mapped as per the image provided - $auditResult.CISDescription = "Explicitly Not Mapped" - $auditResult.Rec = "8.2.1" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $false # Set based on the CIS Controls image - $auditResult.IG2 = $false # Set based on the CIS Controls image - $auditResult.IG3 = $false # Set based on the CIS Controls image - $auditResult.RecDescription = "Ensure 'external access' is restricted in the Teams admin center" - $auditResult.Result = $isCompliant - $auditResult.Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited" - $auditResult.FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant." } else { "N/A" } - $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" } + $params = @{ + Rec = "8.2.1" + Result = $isCompliant + Status = if ($isCompliant) { "Pass" } else { "Fail" } + Details = "AllowTeamsConsumer: $($externalAccessConfig.AllowTeamsConsumer); AllowPublicUsers: $($externalAccessConfig.AllowPublicUsers); AllowFederatedUsers: $($externalAccessConfig.AllowFederatedUsers); AllowedDomains limited: $allowedDomainsLimited" + FailureReason = if (-not $isCompliant) { "One or more external access configurations are not compliant." 
} else { "N/A" } + RecDescription = "Ensure 'external access' is restricted in the Teams admin center" + CISControl = "0.0" + CISDescription = "Explicitly Not Mapped" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/source/tests/Test-TeamsExternalFileSharing.ps1 b/source/tests/Test-TeamsExternalFileSharing.ps1 index 9226a64..697b2bc 100644 --- a/source/tests/Test-TeamsExternalFileSharing.ps1 +++ b/source/tests/Test-TeamsExternalFileSharing.ps1 
@@ -33,20 +33,17 @@ function Test-TeamsExternalFileSharing { } # Create an instance of CISAuditResult and populate it - $auditResult.CISControlVer = "v8" - $auditResult.CISControl = "3.3" - $auditResult.CISDescription = "Configure Data Access Control Lists" - $auditResult.Rec = "8.1.1" - $auditResult.ELevel = "E3" - $auditResult.ProfileLevel = "L2" - $auditResult.IG1 = $true # Set based on the benchmark - $auditResult.IG2 = $true # Set based on the benchmark - $auditResult.IG3 = $true # Set based on the benchmark - $auditResult.RecDescription = "Ensure external file sharing in Teams is enabled for only approved cloud storage services" - $auditResult.Result = $isCompliant - $auditResult.Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" } - $auditResult.FailureReason = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" } - $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" } + $params = @{ + Rec = "8.1.1" + Result = $isCompliant + Status = if ($isCompliant) { "Pass" } else { "Fail" } + Details = if (-not $isCompliant) { "Non-approved providers enabled: $($nonCompliantProviders -join ', ')" } else { "All cloud storage services are approved providers" } + FailureReason = if (-not $isCompliant) { "The following non-approved providers are enabled: $($nonCompliantProviders -join ', ')" } else { "N/A" } + RecDescription = "Ensure external file sharing in Teams is enabled for only approved cloud storage services" + CISControl = "3.3" + CISDescription = "Configure Data Access Control Lists" + } + $auditResult = Initialize-CISAuditResult @params } end { diff --git a/tests/Unit/Private/Initialize-CISAuditResult.tests.ps1 b/tests/Unit/Private/Initialize-CISAuditResult.tests.ps1 new file mode 100644 index 0000000..4a2aa69 --- /dev/null 
+++ b/tests/Unit/Private/Initialize-CISAuditResult.tests.ps1 @@ -0,0 +1,27 @@ +$ProjectPath = "$PSScriptRoot\..\..\.." | Convert-Path +$ProjectName = ((Get-ChildItem -Path $ProjectPath\*\*.psd1).Where{ + ($_.Directory.Name -match 'source|src' -or $_.Directory.Name -eq $_.BaseName) -and + $(try { Test-ModuleManifest $_.FullName -ErrorAction Stop } catch { $false } ) + }).BaseName + + +Import-Module $ProjectName + +InModuleScope $ProjectName { + Describe Get-PrivateFunction { + Context 'Default' { + BeforeEach { + $return = Get-PrivateFunction -PrivateData 'string' + } + + It 'Returns a single object' { + ($return | Measure-Object).Count | Should -Be 1 + } + + It 'Returns a string based on the parameter PrivateData' { + $return | Should -Be 'string' + } + } + } +} +
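Review bot: This new test file never exercises Initialize-CISAuditResult: the `Describe Get-PrivateFunction` block calls `Get-PrivateFunction -PrivateData 'string'`, which looks like an unedited scaffold, so the helper that every test function now depends on has no coverage (and the suite may fail if that function is not in the module). A test should call the helper with a known `Rec` and check the fields it passes through as well as the values it looks up from the definitions; a case for a `Rec` with no matching definition would also be useful. A sketch of the first case follows, with input values taken from what the Test-ReportSecurityInTeams hunk passes.

```powershell
# … unchanged: $ProjectPath / $ProjectName discovery and Import-Module …
InModuleScope $ProjectName {
    Describe Initialize-CISAuditResult {
        Context 'Known recommendation' {
            BeforeEach {
                $params = @{
                    Rec            = '8.6.1'
                    Result         = $true
                    Status         = 'Pass'
                    Details        = 'details'
                    FailureReason  = 'N/A'
                    RecDescription = 'Ensure users can report security concerns in Teams'
                    CISControl     = '0.0'
                    CISDescription = 'Explicitly Not Mapped'
                }
                $return = Initialize-CISAuditResult @params
            }

            It 'Returns a single object' {
                ($return | Measure-Object).Count | Should -Be 1
            }

            It 'Passes the caller-supplied fields through' {
                $return.Rec | Should -Be '8.6.1'
                $return.Result | Should -BeTrue
                $return.Status | Should -Be 'Pass'
            }
        }
    }
}
```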