rubocop autocorrect

mitre · Feb 21, 2025 · e146359 · e146359
1 parent aa31052
commit e146359
Show file tree

Hide file tree

Showing 145 changed files with 3,600 additions and 3,605 deletions.
diff --git a/controls/azure-foundations-cis-2.1.1.rb b/controls/azure-foundations-cis-2.1.1.rb
@@ -1,6 +1,6 @@
 control 'azure-foundations-cis-2.1.1' do
-    title 'Ensure Security Defaults is enabled on Microsoft Entra ID'
-    desc "[IMPORTANT - Please read the section overview: If your organization pays for
+  title 'Ensure Security Defaults is enabled on Microsoft Entra ID'
+  desc "[IMPORTANT - Please read the section overview: If your organization pays for
         Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, or F5, and EM&S E3 or
         E5 licenses) and CAN use Conditional Access, ignore the recommendations in this
         section and proceed to the Conditional Access section.]
@@ -11,31 +11,31 @@
         have a basic level of security enabled at no extra cost. You may turn on security
         defaults in the Azure portal."
 
-    desc 'rationale',
-        "Security defaults provide secure default settings that we manage on behalf of
+  desc 'rationale',
+       "Security defaults provide secure default settings that we manage on behalf of
         organizations to keep customers safe until they are ready to manage their own identity
         security settings.
         For example, doing the following:
         • Requiring all users and admins to register for MFA.
         • Challenging users with MFA - when necessary, based on factors such as
         location, device, role, and task.
         • Disabling authentication from legacy authentication clients, which can’t do MFA."
-    
-    desc 'impact',
-        "This recommendation should be implemented initially and then may be overridden by
+
+  desc 'impact',
+       "This recommendation should be implemented initially and then may be overridden by
         other service/product specific CIS Benchmarks. Administrators should also be aware
         that certain configurations in Microsoft Entra ID may impact other Microsoft services
         such as Microsoft 365."
 
-    desc 'check',
+  desc 'check',
        "From Azure Portal
         To ensure security defaults is enabled in your directory:
         1. From Azure Home select the Portal Menu.
         2. Browse to Microsoft Entra ID > Properties.
         3. Select Manage security defaults.
         4. Verify the Enable security defaults toggle is Enabled."
 
-    desc 'fix',
+  desc 'fix',
        "From Azure Portal
         To enable security defaults in your directory:
         1. From Azure Home select the Portal Menu.
@@ -44,16 +44,16 @@
         4. Set the Enable security defaults to Enabled
         5. Select Save"
 
-    impact 0.5
-    tag nist: ['CM-1','CM-2','CM-6','CM-7','CM-7(1)','CM-9','SA-3','SA-8','SA-10']
-    tag severity: 'medium'
-    tag cis_controls: [{ '8' => ['4.1'] }]
+  impact 0.5
+  tag nist: ['CM-1', 'CM-2', 'CM-6', 'CM-7', 'CM-7(1)', 'CM-9', 'SA-3', 'SA-8', 'SA-10']
+  tag severity: 'medium'
+  tag cis_controls: [{ '8' => ['4.1'] }]
 
-    ref 'https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults'
-    ref 'https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414'
-    ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-2-protect-identity-and-authentication-systems'
+  ref 'https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults'
+  ref 'https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414'
+  ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-2-protect-identity-and-authentication-systems'
 
-    describe 'Ensure Security Defaults is enabled on Microsoft Entra ID' do
-        skip 'The check for this control needs to be done manually'
-    end
-end
+  describe 'Ensure Security Defaults is enabled on Microsoft Entra ID' do
+    skip 'The check for this control needs to be done manually'
+  end
+end
diff --git a/controls/azure-foundations-cis-2.1.2.rb b/controls/azure-foundations-cis-2.1.2.rb
@@ -1,6 +1,6 @@
 control 'azure-foundations-cis-2.1.2' do
-    title "Ensure that 'Multi-Factor Auth Status' is 'Enabled' for allPrivileged Users"
-    desc "[IMPORTANT - Please read the section overview: If your organization pays for
+  title "Ensure that 'Multi-Factor Auth Status' is 'Enabled' for allPrivileged Users"
+  desc "[IMPORTANT - Please read the section overview: If your organization pays for
         Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, or F5, and EM&S E3 or
         E5 licenses) and CAN use Conditional Access, ignore the recommendations in this
         section and proceed to the Conditional Access section.]
@@ -11,21 +11,20 @@
         • Subscription Owners
         • Contributors"
 
-    desc 'rationale',
-        "Multi-factor authentication requires an individual to present a minimum of two separate
+  desc 'rationale',
+       "Multi-factor authentication requires an individual to present a minimum of two separate
         forms of authentication before access is granted. Multi-factor authentication provides
         additional assurance that the individual attempting to gain access is who they claim to
         be. With multi-factor authentication, an attacker would need to compromise at least two
         different authentication mechanisms, increasing the difficulty of compromise and thus
         reducing the risk."
 
-    desc 'impact',
-        "Users would require two forms of authentication before any access is granted.
+  desc 'impact',
+       "Users would require two forms of authentication before any access is granted.
         Additional administrative time will be required for managing dual forms of authentication
         when enabling multi-factor authentication."
 
-
-    desc 'check',
+  desc 'check',
        "Audit from Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select the Microsoft Entra ID blade
@@ -72,7 +71,7 @@
         • Policy ID: 931e118d-50a1-4457-a5e4-78550e086c52 - Name: 'Accounts with
         write permissions on Azure resources should be MFA enabled'"
 
-    desc 'fix',
+  desc 'fix',
        "From Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select Microsoft Entra ID blade
@@ -85,16 +84,16 @@
         8. Click enable multi-factor auth
         9. Click close"
 
-    impact 0.5
-    tag nist: ['IA-2(1)','IA-2(2)','AC-19','IA-2(1)']
-    tag severity: 'medium'
-    tag cis_controls: [{ '8' => ['6.3','6.4','6.5'] }]
+  impact 0.5
+  tag nist: ['IA-2(1)', 'IA-2(2)', 'AC-19', 'IA-2(1)']
+  tag severity: 'medium'
+  tag cis_controls: [{ '8' => ['6.3', '6.4', '6.5'] }]
 
-    ref 'https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication'
-    ref 'https://stackoverflow.com/questions/41156206/azure-active-directory-premium-mfa-attributes-via-graph-api' 
-    ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-4-authenticate-server-and-services'
+  ref 'https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication'
+  ref 'https://stackoverflow.com/questions/41156206/azure-active-directory-premium-mfa-attributes-via-graph-api'
+  ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-4-authenticate-server-and-services'
 
-    describe 'benchmark' do
-        skip 'The check for this control needs to be done manually'
-    end
-end
+  describe 'benchmark' do
+    skip 'The check for this control needs to be done manually'
+  end
+end
diff --git a/controls/azure-foundations-cis-2.1.3.rb b/controls/azure-foundations-cis-2.1.3.rb
@@ -1,24 +1,24 @@
 control 'azure-foundations-cis-2.1.3' do
-    title "Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users"
-    desc "[IMPORTANT - Please read the section overview: If your organization pays for
+  title "Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users"
+  desc "[IMPORTANT - Please read the section overview: If your organization pays for
         Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, or F5, and EM&S E3 or
         E5 licenses) and CAN use Conditional Access, ignore the recommendations in this
         section and proceed to the Conditional Access section.]
         Enable multi-factor authentication for all non-privileged users."
 
-    desc 'rationale',
-        "Multi-factor authentication requires an individual to present a minimum of two separate
+  desc 'rationale',
+       "Multi-factor authentication requires an individual to present a minimum of two separate
         forms of authentication before access is granted. Multi-factor authentication provides
         additional assurance that the individual attempting to gain access is who they claim to
         be. With multi-factor authentication, an attacker would need to compromise at least two
         different authentication mechanisms, increasing the difficulty of compromise and thus
         reducing the risk."
 
-    desc 'impact',
-        "Users would require two forms of authentication before any access is granted. Also, this
+  desc 'impact',
+       "Users would require two forms of authentication before any access is granted. Also, this
         requires an overhead for managing dual forms of authentication."
 
-    desc 'check',
+  desc 'check',
        "Audit from Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select the Microsoft Entra ID blade
@@ -60,7 +60,7 @@
         • Policy ID: 81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 - Name: 'Accounts with
         read permissions on Azure resources should be MFA enabled"
 
-    desc 'fix',
+  desc 'fix',
        "Follow Microsoft Azure documentation and enable multi-factor authentication in your
         environment.
         https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-
@@ -73,16 +73,16 @@
         getstarted#enable-multi-factor-authentication-with-conditional-access
         https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-mfasettings"
 
-    impact 0.5
-    tag nist: ['IA-2(1)','IA-2(2)','AC-19']
-    tag severity: 'medium'
-    tag cis_controls: [{ '8' => ['6.3','6.4'] }]
+  impact 0.5
+  tag nist: ['IA-2(1)', 'IA-2(2)', 'AC-19']
+  tag severity: 'medium'
+  tag cis_controls: [{ '8' => ['6.3', '6.4'] }]
 
-    ref 'https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication'
-    ref 'https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates'
-    ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-4-authenticate-server-and-services'
+  ref 'https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication'
+  ref 'https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userstates'
+  ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-4-authenticate-server-and-services'
 
-    describe 'benchmark' do
-        skip 'The check for this control needs to be done manually'
-    end
-end
+  describe 'benchmark' do
+    skip 'The check for this control needs to be done manually'
+  end
+end
diff --git a/controls/azure-foundations-cis-2.1.4.rb b/controls/azure-foundations-cis-2.1.4.rb
@@ -1,23 +1,23 @@
 control 'azure-foundations-cis-2.1.4' do
-    title "Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled"
-    desc "[IMPORTANT - Please read the section overview: If your organization pays for
+  title "Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled"
+  desc "[IMPORTANT - Please read the section overview: If your organization pays for
         Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, or F5, and EM&S E3 or
         E5 licenses) and CAN use Conditional Access, ignore the recommendations in this
         section and proceed to the Conditional Access section.]
         Do not allow users to remember multi-factor authentication on devices."
 
-    desc 'rationale',
-        "Remembering Multi-Factor Authentication (MFA) for devices and browsers allows users
+  desc 'rationale',
+       "Remembering Multi-Factor Authentication (MFA) for devices and browsers allows users
         to have the option to bypass MFA for a set number of days after performing a
         successful sign-in using MFA. This can enhance usability by minimizing the number of
         times a user may need to perform two-step verification on the same device. However, if
         an account or device is compromised, remembering MFA for trusted devices may affect
         security. Hence, it is recommended that users not be allowed to bypass MFA."
 
-    desc 'impact',
-        "For every login attempt, the user will be required to perform multi-factor authentication."
+  desc 'impact',
+       'For every login attempt, the user will be required to perform multi-factor authentication.'
 
-    desc 'check',
+  desc 'check',
        "From Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select Microsoft Entra ID
@@ -27,7 +27,7 @@
         6. Ensure that Allow users to remember multi-factor authentication on
         devices they trust is not enabled"
 
-    desc 'fix',
+  desc 'fix',
        "Remediate from Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select Microsoft Entra ID
@@ -38,16 +38,16 @@
         authentication on devices they trust
         7. Click Save"
 
-    impact 0.5
-    tag nist: ['IA-2(1)','IA-2(2)','AC-19']
-    tag severity: 'medium'
-    tag cis_controls: [{ '8' => ['6.3','6.4'] }]
+  impact 0.5
+  tag nist: ['IA-2(1)', 'IA-2(2)', 'AC-19']
+  tag severity: 'medium'
+  tag cis_controls: [{ '8' => ['6.3', '6.4'] }]
 
-    ref 'https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication-for-devices-that-users-trust'
-    ref 'https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-identity-management#im-4-use-strong-authentication-controls-for-all-azure-active-directory-based-access'
-    ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-6-use-strong-authentication-controls'
+  ref 'https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication-for-devices-that-users-trust'
+  ref 'https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-identity-management#im-4-use-strong-authentication-controls-for-all-azure-active-directory-based-access'
+  ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-6-use-strong-authentication-controls'
 
-    describe "Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled" do
-        skip 'The check for this control needs to be done manually'
-    end
-end
+  describe "Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled" do
+    skip 'The check for this control needs to be done manually'
+  end
+end
diff --git a/controls/azure-foundations-cis-2.10.rb b/controls/azure-foundations-cis-2.10.rb
@@ -1,16 +1,16 @@
 control 'azure-foundations-cis-2.10' do
-    title "Ensure that 'Notify users on password resets?' is set to 'Yes'"
-    desc "Ensure that users are notified on their primary and secondary emails on password resets."
+  title "Ensure that 'Notify users on password resets?' is set to 'Yes'"
+  desc 'Ensure that users are notified on their primary and secondary emails on password resets.'
 
-    desc 'rationale',
-        "User notification on password reset is a proactive way of confirming password reset
+  desc 'rationale',
+       "User notification on password reset is a proactive way of confirming password reset
         activity. It helps the user to recognize unauthorized password reset activities."
 
-    desc 'impact',
-        "Users will receive emails alerting them to password changes to both their primary and
+  desc 'impact',
+       "Users will receive emails alerting them to password changes to both their primary and
         secondary emails."
 
-    desc 'check',
+  desc 'check',
        "From Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select Microsoft Entra ID
@@ -19,7 +19,7 @@
         5. Under Manage, select Notifications
         6. Ensure that Notify users on password resets? is set to Yes"
 
-    desc 'fix',
+  desc 'fix',
        "Remediate from Azure Portal
         1. From Azure Home select the Portal Menu
         2. Select Microsoft Entra ID
@@ -29,17 +29,17 @@
         6. Set Notify users on password resets? to Yes
         7. Click Save"
 
-    impact 0.5
-    tag nist: ['AC-2(1)','AC-3']
-    tag severity: 'medium'
-    tag cis_controls: [{ '8' => ['6.7'] }]
+  impact 0.5
+  tag nist: ['AC-2(1)', 'AC-3']
+  tag severity: 'medium'
+  tag cis_controls: [{ '8' => ['6.7'] }]
 
-    ref 'https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr#set-up-notifications-and-customizations'
-    ref 'https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-how-it-works#notifications'
-    ref 'https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment'
-    ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-governance-strategy#gs-6-define-and-implement-identity-and-privileged-access-strategy'
+  ref 'https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr#set-up-notifications-and-customizations'
+  ref 'https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-how-it-works#notifications'
+  ref 'https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment'
+  ref 'https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-governance-strategy#gs-6-define-and-implement-identity-and-privileged-access-strategy'
 
-    describe "Ensure that 'Notify users on password resets?' is set to 'Yes'" do
-        skip 'The check for this control needs to be done manually'
-    end
-end
+  describe "Ensure that 'Notify users on password resets?' is set to 'Yes'" do
+    skip 'The check for this control needs to be done manually'
+  end
+end