inspec.yml

name: "cis-m365-foundations-baseline"
title: "CIS Microsoft 365 Foundations Benchmark"
maintainer: "MITRE SAF Team"
copyright: "MITRE, 2024"
copyright_email: "saf@groups.mitre.org"
license: "Apache-2.0"
summary: "InSpec Validation Profile for the CIS Microsoft 365 Foundations Benchmark"
version: 3.1.2
inspec_version: ">= 6"
depends:
  - name: inspec-pwsh
    git: https://github.com/mitre/inspec-pwsh.git
inputs:
- name: disable_slow_controls
  description: "Don't Run Long Running Controls (dev/testing only)"
  type: Boolean
  value: false
  required: false

#Controls using this input:
#1.3.1
- name: org_domain
  sensitive: true
  description: 'Domain for organization'
  type: String
  required: true

#Controls using this input:
#2.1.6
- name: notify_outbound_spam_recipients
  sensitive: true
  description: 'Email address to notify administrator for Exchange Online Spam Policies'
  type: Array
  required: true

#Controls using this input:
#2.1.6
- name: bcc_suspicious_outbound_additional_recipients
  sensitive: true
  description: 'BCC email address to notify additional recipients for Exchange Online Spam Policies'
  type: Array
  required: true

#Controls using this input:
#2.1.8
- name: spf_domains
  sensitive: true
  description: 'Array of domains needed to check for SPF record'
  type: Array
  required: true

#Controls using this input:
#2.1.10
- name: dmarc_domains
  sensitive: true
  description: 'Array of DMARC records to check'
  type: Array
  required: true

#Controls using this input:
#2.1.10
- name: reporting_mail_address
  sensitive: true
  description: 'Reporting mail address needed for DMARC check'
  type: String
  required: true

#Controls using this input:
#3.2.2
- name: permitted_exceptions_teams_locations
  sensitive: true
  description: 'Permitted exceptions for teams locations'
  type: Array
  required: true

#Controls using this input:
#6.2.1
- name: internal_domains_transport_rule
  sensitive: true
  description: 'Domains internal to the organization to be checked'
  type: Array
  required: true

#Controls using this input:
#6.2.3
- name: email_addresses_bypass_external_tagging
  sensitive: true
  description: 'Email address list that are allowed to bypass external tagging'
  type: Array
  required: true

#Controls using this input:
#6.5.2
- name: mailtipslargeaudiencethreshold_value
  sensitive: true
  description: 'MailTipsLargeAudienceThreshold value to check for in MailTips setting'
  required: true

#Controls using this input:
#6.5.2
- name: authorized_domains_teams_admin_center
  sensitive: true
  description: 'List of authorized domains for AllowedDomains option in Teams Admin Center'
  type: Array
  required: true

#Controls using this input:
#8.6.1
- name: reporting_email_addresses_for_malicious_messages
  sensitive: true
  description: 'Email addresses to check to report malicious messages in Teams and Defender'
  type: Array
  required: true

#Controls using this input:
#7.2.6
- name: domains_trusted_by_organization
  sensitive: true
  description: 'Domains that are trusted by organization in SharePoint'
  type: Array
  required: true

#Controls using this input:
#7.2.9
- name: external_user_expiry_in_days_spo_threshold
  sensitive: true
  description: 'Threshold in days to check for external user expiry in SharePoint'
  value: 30
  required: true

#Controls using this input:
#7.2.10
- name: email_attestation_re_auth_days_spo_threshold
  sensitive: true
  description: 'Threshold in days to check for email attestation auth in SharePoint'
  value: 15
  required: true

#Controls using this input:
#7.3.2
- name: trusted_domains_guids
  sensitive: true
  description: 'Domain GUIDs trusted from the on premises environment'
  type: Array
  required: true