4.6.0 PR to Dev for Release (#780)

* Update PowerSTIG with new SkipRuleCategory Parameter to skip entire STIG Category/Severity Level(s) (#740) * Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672) * fixed V-88203 to be org setting with Tenant Guid * updated changelog.md * fixed registry rule issue in sql 2016 (#671) * Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670) * dialy commit * updated build task to leverage nuget * added new line for Common.Data.ps1 * warning message to troubleshoot ADO pipeline * updated package tasks * updated release.module.build * updated module * updated release * updated release * updated release * hard coded nuget.exe path * fixed FilePath parameter * dynamically detect nuget.exe * nuget dynamic detection * testing alternate nuget detection * updated release to leverage get-command for nuget detection * updated code to replace only the task needed * updated build funct. conform to style guideline * updated New-NuspecFile funciton * Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679) * added support for 2012 R2 V2R19 * added new line to xml * added Server 2019 V1R5,removed V1R2 (#684) * Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682) * Added Windows Client V1R23, Removed Windows CLient V1R19 * Added Windows Client V1R23, Removed Windows CLient V1R19 * removed random tabs * removed tabs from converted * updated based on feedback Co-authored-by: Brian Wilhite <bcwilhite@live.com> * added support for 2016 V1R12 DC/MS (#685) * Fixed: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689) * updated PowerSTIG to use AccessControlDsc 1.4.1 * updated composites with AccessControlDsc 1.4.1 * Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701) * added support for IIS 10 Site/Server V1R2 * updated IISServer 10 V1R1 org settings file * Revert "updated IISServer 10 V1R1 org settings file" This reverts commit 54d4e82. * added Firefox V4R29 STIG, remove V4R27 (#700) Co-authored-by: Brian Wilhite <bcwilhite@live.com> * Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705) * added SQL 2016 Instance V1R10, removed V1R8 * Updated changelog.md Co-authored-by: Brian Wilhite <bcwilhite@live.com> * added dns V1R15 (#697) squash/merge * Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703) * Updated xDnsServer version * update module version * updated changelog.md * upgrade xWebadministration to 3.2.0 (#714) * added IE 11 STIG - V1R19 (#708) * Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710) * removed old 2016 DC/MS processed STIGs * updated changelog.md * Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706) * added support for IIS site/server V1R11 * removed old processed STIGs * updated AuditPolicyDsc to 1.4.0.0 (#716) * Allow application of applicable user rights assignments for non-domain and disconnected systems (#719) * updated based on community feedback * update based on feedback * update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717) * updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721) * Added SkipRuleCategory support to PowerSTIG * updating test to be compat with new feature * updated test configs with dynamic logic * updated test logic to run get-dscresource once * updated to disallow skipping doc/man rules * updated integration dscresource tests * PR Feedback updates Co-authored-by: Eric Jenkins <erjenkin@microsoft.com> * Increase Code Coverage of PowerSTIG to %75 (#742) * updated tests for increased code cov part 1 * fixed test * update changelog.md * update changelog * tes * reverted change * added VsphereNTPsetting tests * updated checklist test * updated DomainName Function tests * updated powerstig xml tests * added tests for Convertto-PowerSTIGxml and Compare * updated tests * updated webconfig property rule test * updated to convert all STIGS * removed redundant tests * update only select one of each STIG * added all office stigs * reverted some tests * updated tests: * removed dependency for helper files * updated tests * removed example folder * update based on feedback * updated test * Increase Code Coverage of PowerSTIG (#745) * Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672) * fixed V-88203 to be org setting with Tenant Guid * updated changelog.md * fixed registry rule issue in sql 2016 (#671) * Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670) * dialy commit * updated build task to leverage nuget * added new line for Common.Data.ps1 * warning message to troubleshoot ADO pipeline * updated package tasks * updated release.module.build * updated module * updated release * updated release * updated release * hard coded nuget.exe path * fixed FilePath parameter * dynamically detect nuget.exe * nuget dynamic detection * testing alternate nuget detection * updated release to leverage get-command for nuget detection * updated code to replace only the task needed * updated build funct. conform to style guideline * updated New-NuspecFile funciton * Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679) * added support for 2012 R2 V2R19 * added new line to xml * added Server 2019 V1R5,removed V1R2 (#684) * Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682) * Added Windows Client V1R23, Removed Windows CLient V1R19 * Added Windows Client V1R23, Removed Windows CLient V1R19 * removed random tabs * removed tabs from converted * updated based on feedback Co-authored-by: Brian Wilhite <bcwilhite@live.com> * added support for 2016 V1R12 DC/MS (#685) * Fixed: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689) * updated PowerSTIG to use AccessControlDsc 1.4.1 * updated composites with AccessControlDsc 1.4.1 * Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701) * added support for IIS 10 Site/Server V1R2 * updated IISServer 10 V1R1 org settings file * Revert "updated IISServer 10 V1R1 org settings file" This reverts commit 54d4e82. * added Firefox V4R29 STIG, remove V4R27 (#700) Co-authored-by: Brian Wilhite <bcwilhite@live.com> * Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705) * added SQL 2016 Instance V1R10, removed V1R8 * Updated changelog.md Co-authored-by: Brian Wilhite <bcwilhite@live.com> * added dns V1R15 (#697) squash/merge * Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703) * Updated xDnsServer version * update module version * updated changelog.md * upgrade xWebadministration to 3.2.0 (#714) * added IE 11 STIG - V1R19 (#708) * Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710) * removed old 2016 DC/MS processed STIGs * updated changelog.md * Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706) * added support for IIS site/server V1R11 * removed old processed STIGs * updated AuditPolicyDsc to 1.4.0.0 (#716) * Allow application of applicable user rights assignments for non-domain and disconnected systems (#719) * updated based on community feedback * update based on feedback * update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717) * updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721) * Added SkipRuleCategory support to PowerSTIG * updating test to be compat with new feature * updated test configs with dynamic logic * updated test logic to run get-dscresource once * updated to disallow skipping doc/man rules * updated integration dscresource tests * testing code coverage * updated registryrule test to include more coverage * updated sqlscriptqueryrule tests * updated setScript in Get-ShutdownOnError function * updated permissionrule tests with add. test case * updated permRule test to increase code coverage * updated changelog * updated test and code coverage threshold * updated code coverage threshold to 81 * updated CC threshold to 80 Co-authored-by: Eric Jenkins <erjenkin@microsoft.com> * Update spacing in DoD logon script (#758) * updated spacing in rule * Updated changelog.md * Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue (#756) * fixed issue 746 * update functions based on feedback * updated function to work correctly with psd1 * updated changelog.md * updated tests for issue 746 * added support for Outlook 2016 V2R1 (#768) * Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1 (#766) * added support for 2016 instance 2.1 * removed tabs from xccdf and processed xml * Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1 (#763) * updated Dns Server V2R1 * added new line to added DNS STIG * Update PowerSTIG to successfully parse/apply Microsoft IIS 8.5 SITE/SERVER STIG - Ver 2, Rel 1 (#765) * updated to add support for iis 8.5 v2r1 * updated org setting * Update PowerSTIG to successfully parse/apply Microsoft IIS 10 SITE/SERVER STIG - Ver 2, Rel 1 (#764) * updated to support IIS 10 site/server V2R1 * updated to support IIS 10 site/server V2R1 * update changelog * updated rule split * newline * updated based on feedback Co-authored-by: Brian Wilhite <bcwilhite@live.com> * Update PowerSTIG to successfully parse/apply Microsoft Office System 2013 STIG - Ver 2, Rel 1 (#770) * added xccdf, parser changes needed before convert * add process xml after parser single quote removal * updated replace statement based on feedback * Update PowerSTIG to send a warning to the user when using a composite that leverages the new DISA Ids (#773) * add disa warn msg to composites with new 2.1 stig * updated changelog.md * Provide Method to install DoD Root Certs for Server and Client OS (#775) * initial commit * updated changelog * added unit test * updated module import * updated composite * updated after testing * updated tests * updated coverted stig * updated integration tests * updated based on testing * updated changelog to kick * updated due to missing cert on 2019 stigs * update to build.yaml * updated based on comments * updated based on test * updated based on PR feedback * Update PowerSTIG to Provide Rule Data from Processed xml (#777) * create tooling function for rule query by end user * update changelog.md * update new functions to dsc guideline standards * deving exception string tooling * update function to address u009D in description * added vulnId to non-detailed output * merged local with 4.6.0 * updated functions, tests are outstanding * updated tests. * added tests for RuleQuery functions. * update build.yaml to skip broke git changelog test * mod build.yaml to correct exclusion for changelog * updated test based on feedback * Update Windows 10 Client STIGs based on ACAS results (#779) * update for rule v-63381 acas scan * update PowerSTIG to parse V-63685 * updated changelog * updated build yaml for changelog * merge conflict issue reprocessed stig Co-authored-by: Brian Wilhite <bcwilhite@live.com> * updated filehash and changelog Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
microsoft · Dec 1, 2020 · 7007278 · 7007278
1 parent b2b75d3
commit 7007278
Show file tree

Hide file tree

Showing 179 changed files with 17,236 additions and 13,977 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 ## [Unreleased]
 
+## [4.6.0] - 2020-12-01
+
+* Provide Method to install DoD Root Certs for Server OS and Client OS: [#755](https://github.com/microsoft/PowerStig/issues/755)
+* Update Windows 10 Client STIGs based on ACAS results: [#778](https://github.com/microsoft/PowerStig/issues/778)
+* Update PowerSTIG to Provide Rule Data from Processed xml: [#747](https://github.com/microsoft/PowerStig/issues/747)
+* Update PowerSTIG to send a warning to the user when using a composite that leverages the new DISA Ids: [#772](https://github.com/microsoft/PowerStig/issues/772)
+* Update PowerSTIG to successfully parse/apply Microsoft Office System 2013 STIG - Ver 2, Rel 1: [#769](https://github.com/microsoft/PowerStig/issues/769)
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1: [#760](https://github.com/microsoft/PowerStig/issues/760)
+* Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1: [#761](https://github.com/microsoft/PowerStig/issues/761)
+* Update PowerSTIG to successfully parse/apply Microsoft Outlook 2016 Version 2; Release 1: [#767](https://github.com/microsoft/PowerStig/issues/767)
+* Update spacing in DoD logon script: [#757](https://github.com/microsoft/PowerStig/issues/757)
+* Update PowerSTIG to Increase Code Coverage of Unit Tests: [#737](https://github.com/microsoft/PowerStig/issues/737)
+* Update PowerSTIG with new SkipRuleSeverity Parameter to skip entire STIG Category/Severity Level(s): [#711](https://github.com/microsoft/PowerStig/issues/711)
+* Update PowerSTIG to successfully parse/apply Microsoft IIS 10 SITE/SERVER STIG - Ver 2, Rel 1: [#759](https://github.com/microsoft/PowerStig/issues/759)
+* Update PowerSTIG to successfully parse/apply IIS 8.5 Site/Server V2R1 STIGs: [#762](https://github.com/microsoft/PowerStig/issues/762)
+
 ## [4.5.1] - 2020-10-12
 
 * Fixed [#746](https://github.com/microsoft/PowerStig/issues/746): Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue

diff --git a/FILEHASH.md b/FILEHASH.md
diff --git a/Tests/Integration/DSCResources/.tests.header.ps1 b/Tests/Integration/DSCResources/.tests.header.ps1
@@ -1,5 +1,11 @@
 $script:DSCModuleName = 'PowerStig'
 
+# Using global variable so that Get-DscResource will only run when needed
+if ($null -eq $global:getDscResource)
+{
+    $global:getDscResource = Get-DscResource -Module $script:DSCModuleName
+}
+
 $script:projectRoot = Split-Path -Path (Split-Path -Path (Split-Path -Path $PSScriptRoot -Parent) -Parent) -Parent
 $script:buildOutput = Join-Path -Path $projectRoot -ChildPath 'output'
 $script:modulePath = (Get-ChildItem -Path $buildOutput -Filter 'PowerStig.psd1' -Recurse).FullName

diff --git a/Tests/Integration/DSCResources/Adobe.config.ps1 b/Tests/Integration/DSCResources/Adobe.config.ps1
@@ -25,53 +25,34 @@ configuration Adobe_config
         $SkipRuleType,
 
         [Parameter()]
-        [hashtable]
-        $Exception,
+        [string[]]
+        $SkipRuleSeverity,
 
         [Parameter()]
         [hashtable]
-        $BackwardCompatibilityException,
+        $Exception,
 
         [Parameter()]
         [object]
-        $OrgSettings
+        $OrgSettings,
+
+        [Parameter()]
+        [string[]]
+        $ResourceParameters
     )
 
     Import-DscResource -ModuleName PowerStig
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        Adobe BaseLineSettings
-        {
-            AdobeApp    = '$TechnologyVersion'
-            StigVersion = '$StigVersion'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.AdobeApp = $psboundParams['TechnologyVersion']
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName Adobe
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }
diff --git a/Tests/Integration/DSCResources/Adobe.integration.tests.ps1 b/Tests/Integration/DSCResources/Adobe.integration.tests.ps1
@@ -7,6 +7,8 @@ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeRe
 . $configFile
 
 $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+$resourceInformation = $global:getDscResource | Where-Object -FilterScript {$PSItem.Name -eq $script:DSCCompositeResourceName}
+$resourceParameters = $resourceInformation.Properties.Name
 
 foreach ($stig in $stigList)
 {
@@ -23,6 +25,13 @@ foreach ($stig in $stigList)
     $skipRuleTypeMultiple = $null
     $expectedSkipRuleTypeMultipleCount = 0 + $blankSkipRuleId.Count
 
+    $singleSkipRuleSeverity = 'CAT_I'
+    $multipleSkipRuleSeverity = 'CAT_I', 'CAT_II'
+    $expectedSingleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $singleSkipRuleSeverity
+    $expectedSingleSkipRuleSeverityCount = ($expectedSingleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+    $expectedMultipleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $multipleSkipRuleSeverity
+    $expectedMultipleSkipRuleSeverityCount = ($expectedMultipleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+
     $getRandomExceptionRuleParams = @{
         RuleType       = 'RegistryRule'
         PowerStigXml   = $powerstigXml

diff --git a/Tests/Integration/DSCResources/Common.integration.ps1 b/Tests/Integration/DSCResources/Common.integration.ps1
@@ -13,10 +13,11 @@ Describe ($title + " $($stig.StigVersion) mof output") {
     $technologyConfig = "$($script:DSCCompositeResourceName)_config"
 
     $testParameterList = @{
-        TechnologyVersion = $stig.TechnologyVersion
-        TechnologyRole    = $stig.TechnologyRole
-        StigVersion       = $stig.StigVersion
-        OutputPath        = $TestDrive
+        TechnologyVersion  = $stig.TechnologyVersion
+        TechnologyRole     = $stig.TechnologyRole
+        StigVersion        = $stig.StigVersion
+        OutputPath         = $TestDrive
+        ResourceParameters = $resourceParameters
     }
 
     # Add additional test parameters to current test configuration
@@ -89,17 +90,17 @@ Describe ($title + " $($stig.StigVersion) mof output") {
 
         Context 'Single Backward Compatibility Exception' {
             It "Should compile the MOF with STIG exception $($backCompatException.Keys) without throwing" {
-                {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatException} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -Exception $backCompatException} | Should -Not -Throw
             }
         }
 
         Context 'Multiple Backward Compatibility Exceptions' {
             It "Should compile the MOF with STIG exceptions $($backCompatExceptionMultiple.Keys) without throwing" {
-                {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatExceptionMultiple} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -Exception $backCompatExceptionMultiple} | Should -Not -Throw
             }
         }
 
-        Context 'Single Rule' {
+        Context 'Single Skip Rule' {
             It 'Should compile the MOF without throwing' {
                 {& $technologyConfig @testParameterList -SkipRule $skipRule } | Should -Not -Throw
             }
@@ -115,7 +116,7 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context 'Multiple Rules' {
+        Context 'Multiple Skip Rules' {
             It 'Should compile the MOF without throwing' {
                 {& $technologyConfig @testParameterList -SkipRule $skipRuleMultiple} | Should -Not -Throw
             }
@@ -133,7 +134,7 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context "$($stig.TechnologyRole) $($stig.StigVersion) Single Type" {
+        Context "$($stig.TechnologyRole) $($stig.StigVersion) Single Skip Rule Type" {
             It "Should compile the MOF without throwing" {
                 {& $technologyConfig @testParameterList -SkipRuleType $skipRuleType} | Should -Not -Throw
             }
@@ -149,9 +150,9 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context 'Multiple Types' {
+        Context "$($stig.TechnologyRole) $($stig.StigVersion) Multiple Skip Rule Types" {
             It "Should compile the MOF without throwing" {
-                {& $technologyConfig @testParameterList -SkipruleType $skipRuleTypeMultiple} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -SkipRuleType $skipRuleTypeMultiple} | Should -Not -Throw
             }
             # Gets the mof content
             $configurationDocumentPath = "$TestDrive\localhost.mof"
@@ -165,6 +166,38 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
+        Context "When $($stig.TechnologyRole) $($stig.StigVersion) Single Skip Rule Severity Category is leveraged" {
+            It "Should compile the MOF with $singleSkipRuleSeverity SkipRuleSeverity without throwing" {
+                {& $technologyConfig @testParameterList -SkipRuleSeverity $singleSkipRuleSeverity} | Should -Not -Throw
+            }
+            # Gets the mof content
+            $configurationDocumentPath = "$TestDrive\localhost.mof"
+            $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+            # Counts how many Skips there are and how many there should be.
+            $dscMof = @($instances | Where-Object -FilterScript {$PSItem.ResourceID -match "\[Skip\]"})
+
+            It "Should have $expectedSingleSkipRuleSeverityCount Skipped settings" {
+                $dscMof.Count | Should -Be $expectedSingleSkipRuleSeverityCount
+            }
+        }
+
+        Context "When $($stig.TechnologyRole) $($stig.StigVersion) Multiple Skip Rule Severity Categories are leveraged" {
+            It "Should compile the MOF with $($multipleSkipRuleSeverity -join ',') without throwing" {
+                {& $technologyConfig @testParameterList -SkipRuleSeverity $multipleSkipRuleSeverity} | Should -Not -Throw
+            }
+            # Gets the mof content
+            $configurationDocumentPath = "$TestDrive\localhost.mof"
+            $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+            # Counts how many Skips there are and how many there should be.
+            $dscMof = @($instances | Where-Object -FilterScript {$PSItem.ResourceID -match "\[Skip\]"})
+
+            It "Should have $expectedMultipleSkipRuleSeverityCount Skipped settings" {
+                $dscMof.Count | Should -Be $expectedMultipleSkipRuleSeverityCount
+            }
+        }
+
         Context 'OrgSettings' {
             $stigPath = $stig.path.TrimEnd(".xml")
             $orgSettings = $stigPath + ".org.default.xml"

diff --git a/Tests/Integration/DSCResources/Firefox.config.ps1 b/Tests/Integration/DSCResources/Firefox.config.ps1
@@ -25,52 +25,33 @@ configuration Firefox_config
         $SkipRuleType,
 
         [Parameter()]
-        [hashtable]
-        $Exception,
+        [string[]]
+        $SkipRuleSeverity,
 
         [Parameter()]
         [hashtable]
-        $BackwardCompatibilityException,
+        $Exception,
 
         [Parameter()]
         [object]
-        $OrgSettings
+        $OrgSettings,
+
+        [Parameter()]
+        [string[]]
+        $ResourceParameters
     )
 
     Import-DscResource -ModuleName PowerStig
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        Firefox FirefoxConfiguration
-        {
-            Stigversion = '$StigVersion'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName Firefox
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }
diff --git a/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 b/Tests/Integration/DSCResources/Firefox.integration.tests.ps1
@@ -7,6 +7,8 @@ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeRe
 . $configFile
 
 $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+$resourceInformation = $global:getDscResource | Where-Object -FilterScript {$PSItem.Name -eq $script:DSCCompositeResourceName}
+$resourceParameters = $resourceInformation.Properties.Name
 
 foreach ($stig in $stigList)
 {
@@ -23,6 +25,13 @@ foreach ($stig in $stigList)
     $skipRuleTypeMultiple = $null
     $expectedSkipRuleTypeMultipleCount = 0 + $blankSkipRuleId.Count
 
+    $singleSkipRuleSeverity = 'CAT_I'
+    $multipleSkipRuleSeverity = 'CAT_I', 'CAT_II'
+    $expectedSingleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $singleSkipRuleSeverity
+    $expectedSingleSkipRuleSeverityCount = ($expectedSingleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+    $expectedMultipleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $multipleSkipRuleSeverity
+    $expectedMultipleSkipRuleSeverityCount = ($expectedMultipleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+
     $getRandomExceptionRuleParams = @{
         RuleType       = 'FileContentRule'
         PowerStigXml   = $powerstigXml

diff --git a/Tests/Integration/DSCResources/IisServer.config.ps1 b/Tests/Integration/DSCResources/IisServer.config.ps1
@@ -24,13 +24,17 @@ configuration IisServer_Config
         [string[]]
         $SkipRuleType,
 
+        [Parameter()]
+        [string[]]
+        $SkipRuleSeverity,
+
         [Parameter()]
         [hashtable]
         $Exception,
 
         [Parameter()]
-        [hashtable]
-        $BackwardCompatibilityException,
+        [string[]]
+        $ResourceParameters,
 
         [Parameter()]
         [object]
@@ -46,42 +50,14 @@ configuration IisServer_Config
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        IisServer ServerConfiguration
-        {
-            IisVersion  = '$TechnologyVersion'
-            StigVersion = '$StigVersion'
-            LogPath     = '$LogPath'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            }
-            if ($null -ne $SkipRuleType)
-            {
-                "SkipRuleType = @($( ($SkipRuleType | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.IisVersion = $psboundParams['TechnologyVersion']
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName IisServer
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }