Update PowerSTIG to move O365 Pro Plus log entries into Exclusion Rul…

…e list (#817)

* Moved log file entries to exclusion rule list

* Added Org file values

Co-authored-by: Jason Patton <japatton@microsoft.com>

CHANGELOG.md

@@ -5,6 +5,7 @@
 * Update PowerSTIG to remove old rule Ids in Hard Coded Framework: [#790](https://github.com/microsoft/PowerStig/issues/790)
 * Update PowerSTIG to Parse/Apply MS Office 365 ProPlus Ver 2, Rel 1: [#811](https://github.com/microsoft/PowerStig/issues/811)
 * Update PowerSTIG to Add Checklist Accountability: [#808](https://github.com/microsoft/PowerStig/issues/808)
+* Update PowerSTIG to move O365 Pro Plus log entries into Exclusion Rule list: [#815](https://github.com/microsoft/PowerStig/issues/815)
 
 ## [4.7.0] - 2020-12-17
 

source/Module/Common/Convert/Data.ps1

@@ -40,5 +40,18 @@ data exclusionRuleList
         V-94533 = 'Vsphere: To Be added in a future release'
         V-102627 = 'No automation available based on STIG Guidance, Fix text recommends setting up Windows Hello for non-domain systems'
         V-220946 = 'No automation available based on STIG Guidance, Fix text recommends setting up Windows Hello for non-domain systems'
+        V-223296 = 'Office: Unknown user data required'
+        V-223297 = 'Office: Unknown user data required'
+        V-223298 = 'Office: Unknown user data required'
+        V-223299 = 'Office: Unknown user data required'
+        V-223300 = 'Office: Unknown user data required'
+        V-223301 = 'Office: Unknown user data required'
+        V-223302 = 'Office: Unknown user data required'
+        V-223303 = 'Office: Unknown user data required'
+        V-223304 = 'Office: Unknown user data required'
+        V-223305 = 'Office: Unknown user data required'
+        V-223306 = 'Office: Unknown user data required'
+        V-223307 = 'Office: Unknown user data required'
+        V-223308 = 'Office: Unknown user data required'
 '@
 }

source/StigData/Archive/Office/U_MS_Office_365_ProPlus_STIG_V2R1_Manual-xccdf.log

@@ -1,17 +1,3 @@
-V-223282::or the value is REG_DWORD =1::Removed
-V-223296::HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT::Removed
-V-223297::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_mime_handling::Removed
-V-223298::HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE::Removed
-V-223299::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_securityband::Removed
-V-223300::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown::Removed
-V-223301::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing::Removed
-V-223302::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url::Removed
-V-223303::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_object_caching::Removed
-V-223304::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation::Removed
-V-223305::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall::Removed
-V-223306::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload::Removed
-V-223307::HKLM\software\microsoft\internet explorer\main\featurecontrol\feature_unc_saved::Removed
-V-223308::HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS::Removed
 V-223293::If the value for allow user locations::If the value for "allow user locations"
 V-223360::If the value allowuserstolowerattachments::If the value for allowuserstolowerattachments
 V-223288::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Absent'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security'; ValueName = 'UFIControls'; ValueType = 'String'}

source/StigData/Processed/Office-365ProPlus-2.1.xml

@@ -1,5 +1,5 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R1_Manual-xccdf.xml" releaseinfo="Release: 1 Benchmark Date: 23 Oct 2020 3.1.1.36225 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.1" created="12/28/2020">
-  <ManualRule dscresourcemodule="None">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R1_Manual-xccdf.xml" releaseinfo="Release: 1 Benchmark Date: 23 Oct 2020 3.1.1.36225 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.1" created="1/11/2021">
+  <DocumentRule dscresourcemodule="None">
     <Rule id="V-223296" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes that user's type into Internet Explorer. Even legitimate add-ons may demand resources, compromising the performance of Internet Explorer and the operating systems for user computers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
@@ -210,7 +210,7 @@ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RES
 
 If the value for all installed programs is REG_DWORD = 1, this is not a finding.</RawString>
     </Rule>
-  </ManualRule>
+  </DocumentRule>
   <RegistryRule dscresourcemodule="PSDscResources">
     <Rule id="V-223280" severity="medium" conversionstatus="pass" title="SRG-APP-000179" dscresource="RegistryPolicyFile">
       <Description>&lt;VulnDiscussion&gt;This policy setting allows you to block macros from running in Office files that come from the Internet.
@@ -294,7 +294,7 @@ Use the Windows Registry Editor to navigate to the following key:
 
 HKCU\software\policies\Microsoft\office\16.0\access\security
 
-If the value vbawarnings is REG_DWORD = 2, this is not a finding. Values of REG_DWORD = 3 or 4 are also acceptable values. If the registry key does not exist Removed, this is a finding.</RawString>
+If the value vbawarnings is REG_DWORD = 2, this is not a finding. Values of REG_DWORD = 3 or 4 are also acceptable values. If the registry key does not exist or the value is REG_DWORD =1, this is a finding.</RawString>
       <ValueData />
       <ValueName>vbawarnings</ValueName>
       <ValueType>Dword</ValueType>