Skip to content

Commit

Permalink
Add the sample report for v0.2 (#308)
Browse files Browse the repository at this point in the history 
* add sample report

* Reformat the json

* properly formatted json for sample report

* Unredact the propper point of contact for DMARC reporting

---------

Co-authored-by: Alden Hilton <adhilto@sandia.gov>
  • Loading branch information
@buidav @adhilto
buidav and adhilto authored Jun 6, 2024
1 parent 00cf550 commit b850aaf
Show file tree
Hide file tree
Showing 15 changed files with 113,768 additions and 1,723 deletions.
24 changes: 12 additions & 12 deletions sample-report/BaselineReports.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@
</div>
</header>
<h1>SCuBA GWS Security Baseline Conformance Reports</h1>
<table style = "text-align:center;"> <colgroup><col/><col/><col/><col/></colgroup> <tr><th>Customer Name</th><th>Customer Domain</th><th>Customer ID</th><th>Report Date</th></tr> <tr><td>Org Name</td><td>example.org</td><td>ABCDEFG</td><td>12/06/2023 11:15:27 Pacific Daylight Time</td></tr> </table>
<table style = "text-align:center;"> <colgroup><col/><col/><col/><col/></colgroup> <tr><th>Customer Domain</th><th>Report Date</th></tr> <tr><td>example.org</td><td>06/05/2024 11:01:19 Pacific Daylight Time</td></tr> </table>
<br> <br/>
<table>
<thead>
Expand All @@ -210,49 +210,49 @@ <h1>SCuBA GWS Security Baseline Conformance Reports</h1>
<tbody>
<tr>
<td><a class="individual_reports" href=./IndividualReports/CalendarReport.html>Google Calendar</a></td>
<td><div class='summary pass'>4 tests passed</div><div class='summary warning'>1 warning</div><div class='summary'></div><div class='summary manual'>3 manual checks needed</div></td>
<td><div class='summary pass'>1 test passed</div><div class='summary'></div><div class='summary failure'>1 test failed</div><div class='summary manual'>4 manual checks needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/ChatReport.html>Google Chat</a></td>
<td><div class='summary pass'>6 tests passed</div><div class='summary'></div><div class='summary failure'>1 test failed</div><div class='summary manual'>1 manual check needed</div></td>
<td><div class='summary pass'>3 tests passed</div><div class='summary warning'>1 warning</div><div class='summary failure'>1 test failed</div><div class='summary manual'>4 manual checks needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/ClassroomReport.html>Google Classroom</a></td>
<td><div class='summary pass'>3 tests passed</div><div class='summary'></div><div class='summary failure'>2 tests failed</div><div class='summary'></div></td>
<td><div class='summary pass'>2 tests passed</div><div class='summary warning'>1 warning</div><div class='summary failure'>2 tests failed</div><div class='summary'></div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/CommoncontrolsReport.html>Common Controls</a></td>
<td><div class='summary pass'>30 tests passed</div><div class='summary warning'>1 warning</div><div class='summary failure'>14 tests failed</div><div class='summary manual'>31 manual checks needed</div></td>
<td><div class='summary pass'>2 tests passed</div><div class='summary'></div><div class='summary failure'>5 tests failed</div><div class='summary manual'>25 manual checks needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/DriveReport.html>Google Drive and Docs</a></td>
<td><div class='summary pass'>8 tests passed</div><div class='summary warning'>6 warnings</div><div class='summary failure'>3 tests failed</div><div class='summary manual'>1 manual check needed</div></td>
<td><div class='summary pass'>11 tests passed</div><div class='summary warning'>2 warnings</div><div class='summary failure'>3 tests failed</div><div class='summary manual'>1 manual check needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/GmailReport.html>Gmail</a></td>
<td><div class='summary pass'>22 tests passed</div><div class='summary warning'>4 warnings</div><div class='summary failure'>6 tests failed</div><div class='summary manual'>11 manual checks needed</div></td>
<td><div class='summary pass'>15 tests passed</div><div class='summary warning'>4 warnings</div><div class='summary failure'>11 tests failed</div><div class='summary manual'>13 manual checks needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/GroupsReport.html>Groups for Business</a></td>
<td><div class='summary pass'>6 tests passed</div><div class='summary warning'>1 warning</div><div class='summary'></div><div class='summary'></div></td>
<td><div class='summary pass'>5 tests passed</div><div class='summary warning'>1 warning</div><div class='summary'></div><div class='summary manual'>1 manual check needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/MeetReport.html>Google Meet</a></td>
<td><div class='summary pass'>4 tests passed</div><div class='summary'></div><div class='summary'></div><div class='summary'></div></td>
<td><div class='summary pass'>1 test passed</div><div class='summary warning'>1 warning</div><div class='summary failure'>2 tests failed</div><div class='summary'></div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/RulesReport.html>Rules</a></td>
<td><div class='summary pass'>22 tests passed</div><div class='summary'></div><div class='summary'></div><div class='summary manual'>18 manual checks needed</div></td>
<td><div class='summary pass'>0 tests passed</div><div class='summary'></div><div class='summary'></div><div class='summary manual'>39 manual checks needed</div><div class='summary'></div></td>
</tr>
<tr>
<td><a class="individual_reports" href=./IndividualReports/SitesReport.html>Google Sites</a></td>
<td><div class='summary pass'>1 test passed</div><div class='summary'></div><div class='summary'></div><div class='summary'></div></td>
<td><div class='summary pass'>1 test passed</div><div class='summary'></div><div class='summary'></div><div class='summary'></div><div class='summary'></div></td>
</tr>
</tbody>
</table>
<br> <br/>
<footer>
Report generated with <a class="individual_reports" href="https://github.com/cisagov/ScubaGoggles">CISA's ScubaGoggles</a> tool v0.1.0
Report generated with <a class="individual_reports" href="https://github.com/cisagov/ScubaGoggles">CISA's ScubaGoggles</a> tool v0.2.0
</footer>
</main>
</body>
Expand Down
78 changes: 26 additions & 52 deletions sample-report/IndividualReports/CalendarReport.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,8 +164,8 @@
}
else if (rows[i].children[statusCol].innerHTML.includes("Error")) {
rows[i].style.background = "var(--test-fail)";
rows[i].querySelectorAll('td')[1].style.borderColor = "var(--border-color)";
rows[i].querySelectorAll('td')[1].style.color = "#d10000";
rows[i].querySelectorAll('td')[statusCol].style.borderColor = "var(--border-color)";
rows[i].querySelectorAll('td')[statusCol].style.color = "#d10000";
}
}
catch (error) {
Expand All @@ -192,8 +192,8 @@
</header>
<h1>Google Calendar Baseline Report</h1>
<h4><p><br/></p></h4>
<table style = "text-align:center;"> <colgroup><col/><col/><col/></colgroup> <tr><th>Customer Name </th><th>Report Date</th><th>Baseline Version</th><th>Tool Version</th></tr> <tr><td>Org Name</td><td>12/06/2023 11:15:27 Pacific Daylight Time</td><td>0.1</td><td>0.1.0</td></tr> </table>
<h2>CALENDAR-1 External Sharing Options for Primary Calendars</h2><table>
<table style = "text-align:center;"> <colgroup><col/><col/><col/></colgroup> <tr><th>Customer Domain </th><th>Report Date</th><th>Baseline Version</th><th>Tool Version</th></tr> <tr><td>example.org</td><td>06/05/2024 11:01:18 Pacific Daylight Time</td><td>0.2</td><td>0.2.0</td></tr> </table>
<h2>CALENDAR-1 External Sharing Options</h2><table>
<thead>
<tr>
<th>Control ID</th>
Expand All @@ -205,40 +205,21 @@ <h2>CALENDAR-1 External Sharing Options for Primary Calendars</h2><table
</thead>
<tbody>
<tr>
<td>GWS.CALENDAR.1.1v0.1</td>
<td>External Sharing Options for Primary Calendars SHALL be configured to &quot;Only free/busy information (hide event details)&quot; to restrict information sharing and prevent data leakage.</td>
<td>Pass</td>
<td>GWS.CALENDAR.1.1v0.2</td>
<td>External Sharing Options for Primary Calendars SHALL be configured to &quot;Only free/busy information (hide event details).&quot;</td>
<td>Fail</td>
<td>Shall</td>
<td>Requirement met in all OUs.</td>
</tr>
<tr>
<td>GWS.CALENDAR.1.2v0.1</td>
<td>External sharing options for primary calendars between multiple components within an organization MAY be configured.</td>
<td>N/A</td>
<td>May/Not-Implemented</td>
<td>Currently not able to be tested automatically; please manually check.</td>
</tr>
</tbody>
</table><h2>CALENDAR-2 External Invitations Warnings</h2><table>
<thead>
<tr>
<th>Control ID</th>
<th>Requirement</th>
<th>Result</th>
<th>Criticality</th>
<th>Details</th>
<td>The following OUs are non-compliant:<ul><li>John Gomez: External sharing options for primary calendars is set to Share all information, and allow managing of calendars</li></ul><br>The following groups are non-compliant:<ul><li>ymartin@example.org: External sharing options for primary calendars is set to Share all information, and outsiders can change calendars</li><li>ymartin@example.org: External sharing options for primary calendars is set to Share all information, and outsiders can change calendars</li></ul></td>
</tr>
</thead>
<tbody>
<tr>
<td>GWS.CALENDAR.2.1v0.1</td>
<td>External invitations warnings SHALL be enabled to prompt users before sending invitations.</td>
<td>GWS.CALENDAR.1.2v0.2</td>
<td>External sharing options for secondary calendars SHALL be configured to &quot;Only free/busy information (hide event details).&quot;</td>
<td>Pass</td>
<td>Shall</td>
<td>Requirement met in all OUs.</td>
<td>Requirement met.<br>Highest Level of Sharing: Only free/busy information (hide event details).</td>
</tr>
</tbody>
</table><h2>CALENDAR-3 External Sharing Options for Secondary Calendars</h2><table>
</table><h2>CALENDAR-2 External Invitations Warnings</h2><table>
<thead>
<tr>
<th>Control ID</th>
Expand All @@ -250,21 +231,14 @@ <h2>CALENDAR-1 External Sharing Options for Primary Calendars</h2><table
</thead>
<tbody>
<tr>
<td>GWS.CALENDAR.3.1v0.1</td>
<td>External sharing options for secondary calendars SHALL be configured to &quot;Only free/busy information (hide event details)&quot; to restrict information sharing and prevent data leakage.</td>
<td>Pass</td>
<td>GWS.CALENDAR.2.1v0.2</td>
<td>External invitations warnings SHALL be enabled to prompt users before sending invitations.</td>
<td>No events found</td>
<td>Shall</td>
<td><span class=setting>Only free busy/information for secondary calendars </span> is shared outside example.org</td>
</tr>
<tr>
<td>GWS.CALENDAR.3.2v0.1</td>
<td>External sharing options for secondary calendars between multiple components within an organization MAY be configured.</td>
<td>N/A</td>
<td>May/Not-Implemented</td>
<td>Currently not able to be tested automatically; please manually check.</td>
<td><object data='./images/triangle-exclamation-solid.svg' width='15' height='15'> </object> No relevant event in the current logs for the top-level OU, Org Name. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended.</td>
</tr>
</tbody>
</table><h2>CALENDAR-4 Calendar Interop Management</h2><table>
</table><h2>CALENDAR-3 Calendar Interop Management</h2><table>
<thead>
<tr>
<th>Control ID</th>
Expand All @@ -276,21 +250,21 @@ <h2>CALENDAR-1 External Sharing Options for Primary Calendars</h2><table
</thead>
<tbody>
<tr>
<td>GWS.CALENDAR.4.1v0.1</td>
<td>Calendar Interop SHOULD be disabled unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar.</td>
<td>Warning</td>
<td>GWS.CALENDAR.3.1v0.2</td>
<td>Calendar Interop SHOULD be disabled.</td>
<td>No events found</td>
<td>Should</td>
<td><span class=setting>Calendar interop is enabled </span> for example.org</td>
<td><object data='./images/triangle-exclamation-solid.svg' width='15' height='15'> </object> No relevant event in the current logs for the top-level OU, Org Name. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended.</td>
</tr>
<tr>
<td>GWS.CALENDAR.4.2v0.1</td>
<td>GWS.CALENDAR.3.2v0.2</td>
<td>OAuth 2.0 SHALL be used in lieu of basic authentication to establish connectivity between tenants or organizations in cases where Calendar Interop is deemed necessary for agency mission fulfillment.</td>
<td>N/A</td>
<td>Shall/Not-Implemented</td>
<td>Currently not able to be tested automatically; please manually check.</td>
</tr>
</tbody>
</table><h2>CALENDAR-5 Paid Appointments</h2><table>
</table><h2>CALENDAR-4 Paid Appointments</h2><table>
<thead>
<tr>
<th>Control ID</th>
Expand All @@ -302,11 +276,11 @@ <h2>CALENDAR-1 External Sharing Options for Primary Calendars</h2><table
</thead>
<tbody>
<tr>
<td>GWS.CALENDAR.5.1v0.1</td>
<td>GWS.CALENDAR.4.1v0.2</td>
<td>Appointment Schedule with Payments SHALL be disabled.</td>
<td>Pass</td>
<td>No events found</td>
<td>Shall</td>
<td>Requirement met in all OUs.</td>
<td><object data='./images/triangle-exclamation-solid.svg' width='15' height='15'> </object> No relevant event in the current logs for the top-level OU, Org Name. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended.</td>
</tr>
</tbody>
</table>
Expand Down
Loading

0 comments on commit b850aaf

Please sign in to comment.