diff --git a/scubagoggles/Testing/RegoTests/commoncontrols/commoncontrols_api09_test.rego b/scubagoggles/Testing/RegoTests/commoncontrols/commoncontrols_api09_test.rego
deleted file mode 100644
index cc07e566..00000000
--- a/scubagoggles/Testing/RegoTests/commoncontrols/commoncontrols_api09_test.rego
+++ /dev/null
@@ -1,63 +0,0 @@
-package commoncontrols
-
-import future.keywords
-import data.utils.FailTestOUNonCompliant
-import data.utils.PassTestResult
-
-GoodCaseInputApi09 := {
- "policies": {
- "topOU": {
- "security_advanced_protection_program": {
- "enableAdvancedProtectionSelfEnrollment": true
- }
- }
- },
- "tenant_info": {
- "topLevelOU": "topOU"
- }
-}
-
-BadCaseInputApi09 := {
- "policies": {
- "topOU": {
- "security_advanced_protection_program": {
- "enableAdvancedProtectionSelfEnrollment": false
- }
- }
- },
- "tenant_info": {
- "topLevelOU": "topOU"
- }
-}
-
-test_HighPrivAccountsAPP_Correct_1 if {
- PolicyId := CommonControlsId9_1
- Output := tests with input as GoodCaseInputApi09
-
- PassTestResult(PolicyId, Output)
-}
-
-test_HighPrivAccountsAPP_Incorrect_1 if {
- PolicyId := CommonControlsId9_1
- Output := tests with input as BadCaseInputApi09
-
- failedOU := [{"Name": "topOU",
- "Value": NonComplianceMessage9_1}]
- FailTestOUNonCompliant(PolicyId, Output, failedOU)
-}
-
-test_SensitiveAccountsAPP_Correct_1 if {
- PolicyId := CommonControlsId9_2
- Output := tests with input as GoodCaseInputApi09
-
- PassTestResult(PolicyId, Output)
-}
-
-test_SensitiveAccountsAPP_Incorrect_1 if {
- PolicyId := CommonControlsId9_2
- Output := tests with input as BadCaseInputApi09
-
- failedOU := [{"Name": "topOU",
- "Value": NonComplianceMessage9_2}]
- FailTestOUNonCompliant(PolicyId, Output, failedOU)
-}
diff --git a/scubagoggles/rego/Commoncontrols.rego b/scubagoggles/rego/Commoncontrols.rego
index aa7856d4..1b9ed227 100644
--- a/scubagoggles/rego/Commoncontrols.rego
+++ b/scubagoggles/rego/Commoncontrols.rego
@@ -1317,21 +1317,6 @@ if { CommonControlsId9_1 := utils.PolicyIdWithSuffix("GWS.COMMONCONTROLS.9.1") -NonComplianceSuffix9 := "enrolled in the GWS Advanced Protection Program." -NonComplianceMessage9_1 := sprintf("%s %s", - ["Highly privileged accounts can't be", - NonComplianceSuffix9]) - -NonCompliantOUs9_1 contains { - "Name": OU, - "Value": NonComplianceMessage9_1 -} -if { - some OU, settings in input.policies - appEnable := settings.security_advanced_protection_program.enableAdvancedProtectionSelfEnrollment - appEnable != true -} - tests contains { "PolicyId": CommonControlsId9_1, "Criticality": "Shall/Not-Implemented", @@ -1340,22 +1325,6 @@ tests contains { "RequirementMet": false, "NoSuchEvent": true } -if { - not PolicyApiInUse -} - -tests contains { - "PolicyId": CommonControlsId9_1, - "Criticality": "Shall", - "ReportDetails": utils.ReportDetails(NonCompliantOUs9_1, []), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1}, - "RequirementMet": Status, - "NoSuchEvent": false -} -if { - PolicyApiInUse - Status := count(NonCompliantOUs9_1) == 0 -} #-- # @@ -1364,20 +1333,6 @@ if { CommonControlsId9_2 := utils.PolicyIdWithSuffix("GWS.COMMONCONTROLS.9.2") -NonComplianceMessage9_2 := sprintf("%s %s", - ["Sensitive user accounts", - NonComplianceSuffix9]) - -NonCompliantOUs9_2 contains { - "Name": OU, - "Value": NonComplianceMessage9_2 -} -if { - some OU, settings in input.policies - appEnable := settings.security_advanced_protection_program.enableAdvancedProtectionSelfEnrollment - appEnable != true -} - tests contains { "PolicyId": CommonControlsId9_2, "Criticality": "Should/Not-Implemented", 
@@ -1386,22 +1341,6 @@ tests contains { "RequirementMet": false, "NoSuchEvent": true } -if { - not PolicyApiInUse -} - -tests contains { - "PolicyId": CommonControlsId9_2, - "Criticality": "Should", - "ReportDetails": utils.ReportDetails(NonCompliantOUs9_2, []), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2}, - "RequirementMet": Status, - "NoSuchEvent": false -} -if { - PolicyApiInUse - Status := count(NonCompliantOUs9_2) == 0 -} #-- #########################