# Step 1: Evidence Details

|System|Source of data|Frameworks|Purpose|
|---|---|---|---|
|google_workspace|compliancecow||Require and enforce the use of phishing-resistant authenticators to establish and maintain administrative sessions|

```
Purpose: This control requires that administrative sessions be established and maintained only with phishing-resistant authenticators (for example FIDO2/WebAuthn security keys), so that a phished password or one-time code on its own cannot grant administrative access. Enforcing the requirement protects the integrity of administrative access and the sensitive data and resources it controls.
```
```
RecommendedEvidenceName: EnforcePhishingResistantMFA
```

# Step 2: Define the System Specific Data (a.k.a Extended Data Schema)

```json
{
  "Users": [
    {
      "System": "google_workspace",
      "Source": "compliancecow",
      "ResourceType": "user",
      "ResourceID": "185794837502723425",
      "ResourceName": "John Daniel",
      "Email": "John.Daniel@test.com",
      "LastLogin": "2024-03-26T19:58:34.000Z",
      "CreationDate": "2021-04-08T06:31:32.000Z",
      "IsAdmin": true,
      "IsEnforcedIn2Sv": false,
      "IsEnrolledIn2Sv": false,
      "AccountStatus": "Active",
      "DeletionDate": "",
      "SuspendedReason": "",
      "Manager": "",
      "DeviceAssociations": "",
      "Permissions": "",
      "ExternalAccess": "",
      "TerminationConfirmedBy": "",
      "TerminationConfirmationDate": "",
      "AdditionalInformation": "",
      "Groups": [
        {
          "groupName": "audit_group",
          "groupEmailID": "audit_group@test.com",
          "role": "MEMBER",
          "status": "ACTIVE"
        },
        {
          "groupName": "report",
          "groupEmailID": "report@test.com",
          "role": "OWNER",
          "status": "ACTIVE"
        }
      ],
      "Roles": [
        "ADMIN_ROLE"
      ],
      "Privileges": [
        "ROOT_APP_ADMIN",
        "SUPER_ADMIN"
      ]
    }
  ]
}
```


# Step 3: Define the Standard Schema

R2.01 Require and enforce the use of phishing-resistant authenticators to establish and maintain administrative sessions.

The user records are read from the Admin SDK Directory API `users.list` call (in the Go client: `admin.NewService(context.Background(), option.WithHTTPClient(httpClient))` followed by `directoryService.Users.List().Domain(domain).Do()`). The `IsEnrolledIn2Sv` and `IsEnforcedIn2Sv` fields of the extended data map to `IsMFAEnrolled` and `IsMFAEnforced` in the standard schema below.

```json
{
  "System": "google_workspace",
  "Source": "compliancecow",
  "ResourceID": "185794837502723425",
  "ResourceName": "CO 1",
  "ResourceType": "user",
  "ResourceUrl": "",
  "Email": "co1@riskdevops.com",
  "LastLogin": "2024-02-19T15:16:27.000Z",
  "CreationDate": "2024-02-06T19:10:34.000Z",
  "IsAdmin": false,
  "IsMFAEnrolled": false,
  "IsMFAEnforced": false,
  "AccountStatus": "Active",
  "DeletionDate": "",
  "ValidationStatusCode": "AD_F_2F_ER_F_2F_EF_F",
  "ValidationStatusNotes": "Admin false, 2FA Enrolled false, 2FA Enforced false",
  "ComplianceStatus": "NON_COMPLIANT",
  "ComplianceStatusReason": "The record does not meet compliance standards due to the absence of two step verification being enabled for the user",
  "EvaluatedTime": "",
  "UserAction": "",
  "ActionStatus": "",
  "ActionResponseURL": ""
}
```

# Step 3.a: Sample Data

| System | Source | ResourceType | ResourceID | ResourceName | ResourceUrl | Email | LastLogin | CreationDate | IsAdmin | IsMFAEnrolled | IsMFAEnforced | AccountStatus | DeletionDate | ValidationStatusCode | ValidationStatusNotes | ComplianceStatus | ComplianceStatusReason | EvaluatedTime | UserAction | ActionStatus | ActionResponseURL |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| google_workspace | compliancecow | user | 78411424 | JohnDaniel | | JohnDaniel@example.com | 2024-03-19T14:20:00Z | 2020-11-10 | true | false | false | Suspended | | AD_T_2F_ER_F_2F_EF_F | Admin true, 2FA Enrolled false, 2FA Enforced false | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enforced for the user | | | | |


# Step 4: Describe the Compliance Taxonomy

A record is COMPLIANT only when 2-Step Verification is both enrolled and enforced; every other combination is NON_COMPLIANT, and the reason names the missing piece.

| IsAdmin | IsMFAEnrolled | IsMFAEnforced | ValidationStatusCode | ValidationStatusNotes | ComplianceStatus | ComplianceStatusReason |
|---|---|---|---|---|---|---|
| false | false | false | AD_F_2F_ER_F_2F_EF_F | Admin false, 2FA Enrolled false, 2FA Enforced false | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enabled for the user |
| true | false | false | AD_T_2F_ER_F_2F_EF_F | Admin true, 2FA Enrolled false, 2FA Enforced false | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enforced for the user |
| true | true | true | AD_T_2F_ER_T_2F_EF_T | Admin true, 2FA Enrolled true, 2FA Enforced true | COMPLIANT | The record meets compliance standards due to the presence of two step verification being enabled for the user |
| false | true | true | AD_F_2F_ER_T_2F_EF_T | Admin false, 2FA Enrolled true, 2FA Enforced true | COMPLIANT | The record meets compliance standards due to the presence of two step verification being enabled for the user |
| false | false | true | AD_F_2F_ER_F_2F_EF_T | Admin false, 2FA Enrolled false, 2FA Enforced true | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enrolled for the user |
| true | false | true | AD_T_2F_ER_F_2F_EF_T | Admin true, 2FA Enrolled false, 2FA Enforced true | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enrolled for the user |
| false | true | false | AD_F_2F_ER_T_2F_EF_F | Admin false, 2FA Enrolled true, 2FA Enforced false | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enforced for the user |
| true | true | false | AD_T_2F_ER_T_2F_EF_F | Admin true, 2FA Enrolled true, 2FA Enforced false | NON_COMPLIANT | The record does not meet compliance standards due to the absence of two step verification being enforced for the user |

Caveat: the Directory API user fields `isEnrolledIn2Sv` and `isEnforcedIn2Sv` report only whether 2-Step Verification is on for the account, not which method is used. A COMPLIANT record here may still rely on SMS codes or a TOTP app, which are not phishing-resistant; restricting the allowed methods to security keys (see Step 6) is what actually satisfies the control's intent.


# Step 5: Calculation for Compliance Percentage and Status

```
TotalRecordCount  = Count of 'COMPLIANT' and 'NON_COMPLIANT' records
FailedRecordCount = Count of 'NON_COMPLIANT' records

CompliancePCT = int(100 - ((FailedRecordCount * 100) / TotalRecordCount))
```

Compliance Status:

- COMPLIANT - 100%
- NON_COMPLIANT - 0% to less than 100%
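The evaluation in Steps 3 to 5 end to end, as an added example (not ComplianceCow's rule code): it maps extended-data records (`IsAdmin`, `IsEnrolledIn2Sv`, `IsEnforcedIn2Sv`) to the standard-schema fields, assigns the taxonomy status and reason, and rolls the records up into the compliance percentage. The `SAMPLE_USERS` records are constructed for the example, and the handling of an empty record set is an assumption the page does not specify.

```python
"""Evaluate Google Workspace user records against the 2SV taxonomy (Step 4)
and roll them up into the compliance percentage (Step 5).

Added example for this page; it is not ComplianceCow's rule implementation.
It assumes input records use the Extended Data Schema field names
(IsAdmin, IsEnrolledIn2Sv, IsEnforcedIn2Sv). SAMPLE_USERS is constructed
input, not real Directory API output.
"""
from typing import Dict, List, Tuple

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"

# Constructed sample input in the Extended Data Schema shape.
SAMPLE_USERS: List[Dict] = [
    {"ResourceID": "1", "Email": "admin1@example.com", "IsAdmin": True,
     "IsEnrolledIn2Sv": False, "IsEnforcedIn2Sv": False},
    {"ResourceID": "2", "Email": "admin2@example.com", "IsAdmin": True,
     "IsEnrolledIn2Sv": True, "IsEnforcedIn2Sv": True},
    {"ResourceID": "3", "Email": "user1@example.com", "IsAdmin": False,
     "IsEnrolledIn2Sv": True, "IsEnforcedIn2Sv": False},
    {"ResourceID": "4", "Email": "user2@example.com", "IsAdmin": False,
     "IsEnrolledIn2Sv": True, "IsEnforcedIn2Sv": True},
]


def _tf(value: bool) -> str:
    """Single-letter flag used inside ValidationStatusCode."""
    return "T" if value else "F"


def evaluate_user(record: Dict) -> Dict:
    """Map one extended-data record to the standard-schema evaluation fields."""
    is_admin = bool(record.get("IsAdmin", False))
    enrolled = bool(record.get("IsEnrolledIn2Sv", False))
    enforced = bool(record.get("IsEnforcedIn2Sv", False))

    code = f"AD_{_tf(is_admin)}_2F_ER_{_tf(enrolled)}_2F_EF_{_tf(enforced)}"
    notes = (f"Admin {str(is_admin).lower()}, "
             f"2FA Enrolled {str(enrolled).lower()}, "
             f"2FA Enforced {str(enforced).lower()}")

    # Only enrolled AND enforced is COMPLIANT; the reason names the missing piece.
    if enrolled and enforced:
        status, missing = COMPLIANT, None
    elif enrolled:
        status, missing = NON_COMPLIANT, "enforced"
    elif enforced:
        status, missing = NON_COMPLIANT, "enrolled"
    else:
        # Neither: the taxonomy words this "enforced" for admins, "enabled" otherwise.
        status, missing = NON_COMPLIANT, ("enforced" if is_admin else "enabled")

    if missing is None:
        reason = ("The record meets compliance standards due to the presence of "
                  "two step verification being enabled for the user")
    else:
        reason = ("The record does not meet compliance standards due to the absence "
                  f"of two step verification being {missing} for the user")

    return {
        "ResourceID": record.get("ResourceID", ""),
        "Email": record.get("Email", ""),
        "IsAdmin": is_admin,
        "IsMFAEnrolled": enrolled,
        "IsMFAEnforced": enforced,
        "ValidationStatusCode": code,
        "ValidationStatusNotes": notes,
        "ComplianceStatus": status,
        "ComplianceStatusReason": reason,
    }


def evaluate_all(records: List[Dict]) -> List[Dict]:
    return [evaluate_user(r) for r in records]


def compliance_percentage(evaluated: List[Dict]) -> Tuple[int, str]:
    """Step 5 roll-up: int(100 - failed*100/total); only 100% is COMPLIANT."""
    total = sum(1 for r in evaluated
                if r["ComplianceStatus"] in (COMPLIANT, NON_COMPLIANT))
    failed = sum(1 for r in evaluated if r["ComplianceStatus"] == NON_COMPLIANT)
    if total == 0:
        # Assumption: the page does not define the empty case. Report 0% /
        # NON_COMPLIANT rather than silently passing a tenant with no evaluable users.
        return 0, NON_COMPLIANT
    pct = int(100 - ((failed * 100) / total))
    return pct, (COMPLIANT if pct == 100 else NON_COMPLIANT)


if __name__ == "__main__":
    results = evaluate_all(SAMPLE_USERS)
    for r in results:
        print(r["Email"], r["ValidationStatusCode"], r["ComplianceStatus"])
    print(compliance_percentage(results))  # (50, 'NON_COMPLIANT')
```

Note that `int()` truncates rather than rounds, so three records with one failure report 66%, not 67%; that matches the formula above and keeps a single failing record from ever rounding up to 100%.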

# Step 6: Describe (in words) the Remediation Steps for Non-Compliance

Remediation notes:

Why 2-Step Verification (2SV) matters: a second factor means a stolen or phished password alone is not enough to sign in. Only some second factors resist phishing, though: FIDO2/WebAuthn security keys bind the credential to the origin, so a look-alike site cannot replay it, whereas SMS codes and TOTP apps (including Google Authenticator) can be relayed by a real-time phishing proxy.

Enabling and enforcing 2SV in Google Workspace: in the Google Admin console, open Security > Basic settings (2-Step Verification), allow users to turn on 2SV, and then set enforcement for all users (or at minimum for every organizational unit that contains administrators). Enabling alone is not sufficient; a user who is enrolled but not enforced can switch 2SV off, which is why the taxonomy treats IsMFAEnforced=false as NON_COMPLIANT. For administrator accounts, restrict the allowed 2SV methods to security keys only so that the enforced factor is actually phishing-resistant.

# Step 7: Control Setup Details

| Control Details            |                               |
|----------------------------|-------------------------------|
| **RuleName**               |    GenerateGoogleWorkSpaceTwoSVReport |
| **PreRequisiteRuleNames**  |    ListGoogleWorkSpaceUserList        |
| **ApplicationClassName**   |    googleworkspaceappconnector            |