PowerSTIG

PowerStig is a PowerShell module that contains several components to automate different DISA Security Technical Implementation Guides (STIGs) where possible.

Name                 Description                                                    Published to PS Gallery
PowerStig.Convert    Extract configuration objects from the xccdf                   No
PowerStig.Data       A PowerShell class to access the PowerSTIG "database"          Yes
PowerStig.DSC        Composite DSC resources to apply and/or audit STIG settings    Yes
PowerStig.Document   An experimental module to create pre-filled checklists         Yes

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Branch   Status         Description
master   Build status   Contains the latest release. No contributions are made directly to this branch.
dev      Build status   Where contributors should propose contributions as pull requests. This branch is merged into the master branch and released to the PowerShell Gallery.

Released Module

To see the released PowerStig module, go to the PowerShell Gallery. We recommend that you use PowerShellGet to install PowerStig:

For example:

Install-Module -Name PowerStig -Scope CurrentUser

Once PowerStig is installed, you can view the list of STIGs that are currently available. The Get-Stig function queries the StigData and returns a full list. This will give you an idea of what you can target in your environment.

Import-Module PowerStig
Get-Stig -ListAvailable

To update a previously installed module use this command:

Update-Module -Name PowerStig

PowerStig.Convert

A utility module that we use to generate PowerStig XML to store in PowerStig.Data. The module uses PowerShell classes to extract settings from check-content elements of the xccdf. This nested module is NOT published to the PS Gallery. The extracted settings are converted into a new PowerStig XML schema. The XML file is saved into a processed StigData folder and released to the PS Gallery on a regular cadence.

For detailed information, please see the Convert Wiki

PowerStig.Data

A module with PowerShell classes and a directory of PowerStig XML to provide a way of retrieving StigData and documenting deviations. The PowerStig.Data classes provide methods to:

  1. Override a setting defined in a STIG and automatically document the exception to policy
  2. Apply settings that have a valid range of values (Organizational Settings)
  3. Exclude a rule if it is already defined in another STIG (de-duplication) and automatically document the exception to policy
  4. Exclude an entire class of rules (intended for testing and integration) and automatically document the exception to policy

For detailed information, please see the StigData Wiki. For STIG xml file hashes please refer to File Hashes.

PowerStig.DSC

PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG. Each composite uses the PowerStig.Data classes to retrieve PowerStig XML, so exceptions, Org settings, and skipped rules are handled uniformly across all composite resources. The standard DSC ResourceIDs can then be used by additional automation to generate compliance reports or trigger other automation solutions.

Composite Resources

The list of STIGs that we are currently covering.

Name Description
Adobe Provides a mechanism to manage Adobe STIG settings.
Chrome Provides a mechanism to manage Google Chrome STIG settings.
DotNetFramework Provides a mechanism to manage .Net Framework STIG settings.
Edge Provides a mechanism to manage Microsoft Edge STIG settings.
Firefox Provides a mechanism to manage Firefox STIG settings.
IisServer Provides a mechanism to manage IIS Server settings.
IisSite Provides a mechanism to manage IIS Site settings.
InternetExplorer Provides a mechanism to manage Microsoft Internet Explorer settings.
McAfee Provides a mechanism to manage McAfee settings.
Office Provides a mechanism to manage Microsoft Office STIG settings.
OracleJRE Provides a mechanism to manage Oracle Java Runtime Environment STIG settings.
RHEL Provides a mechanism to manage RedHat Enterprise Linux STIG settings.
SqlServer Provides a mechanism to manage SqlServer STIG settings.
Ubuntu Provides a mechanism to manage Ubuntu Linux STIG settings.
Vsphere Provides a mechanism to manage VMware Vsphere STIG settings.
WindowsClient Provides a mechanism to manage Windows Client STIG settings.
WindowsDefender Provides a mechanism to manage Windows Defender STIG settings.
WindowsDnsServer Provides a mechanism to manage Windows DNS Server STIG settings.
WindowsFirewall Provides a mechanism to manage the Windows Firewall STIG settings.
WindowsServer Provides a mechanism to manage the Windows Server STIG settings.

For detailed information, please see the Composite Resources Wiki
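As an added example (not code from the PowerStig project), the configuration below uses the WindowsServer composite with the three PowerStig.Data features listed above (an exception, an org-settings file and a skipped rule), followed by a helper that maps the STIG rule id and severity PowerStig embeds in every DSC ResourceId back to a per-rule compliance summary. The composite parameter names and the shape of the Exception value are assumptions based on the PowerStig wiki; the org-settings path, the hypothetical composite name BaseLine and the constructed sample ResourceIds are illustrative.

```powershell
# Added example, not part of the PowerStig README. Assumptions: composite
# parameter names and the Exception value shape follow the PowerStig wiki;
# the org-settings path and the sample ResourceIds below are constructed.

configuration Server2012R2Baseline
{
    param
    (
        [string] $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName PowerStig

    Node $NodeName
    {
        WindowsServer BaseLine
        {
            OsVersion    = '2012R2'
            OsRole       = 'MS'
            StigVersion  = '2.13'
            # Override one setting; PowerStig.Data records the exception to policy itself.
            Exception    = @{ 'V-1151' = '1' }                              # assumed shape
            # Organization-specific values for rules that accept a range.
            OrgSettings  = 'C:\Stig\Windows-Server-2012R2-MS-2.13.org.xml'    # placeholder path
            # Rules enforced elsewhere (de-duplication against another STIG or baseline).
            SkipRule     = 'V-36681'
            SkipRuleType = 'AccountPolicyRule'
        }
    }
}

function Get-StigComplianceSummary
{
    <#
    .SYNOPSIS
        Maps DSC ResourceIds produced by a PowerStig composite back to STIG rule id,
        severity and title so Test-DscConfiguration output can be reported per rule.
    #>
    [CmdletBinding()]
    param
    (
        # ResourceId strings, e.g. (Test-DscConfiguration -Detailed).ResourcesNotInDesiredState.ResourceId
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $ResourceId,

        # Set when the ids come from ResourcesInDesiredState instead.
        [switch] $InDesiredState
    )

    begin
    {
        # Layout seen in the V-46477 MOF excerpt on this page:
        # [DscResource][RuleId][Severity][Title]::[CompositeType]CompositeName
        # RuleId may carry a sub-rule suffix such as V-76723.a.
        $pattern = '^\[(?<Resource>[^\]]+)\]\[(?<RuleId>V-\d+(\.[a-z])?)\]' +
                   '\[(?<Severity>[^\]]+)\]\[(?<Title>[^\]]*)\]::\[(?<Composite>[^\]]+)\]'
    }

    process
    {
        foreach ($id in $ResourceId)
        {
            if ($id -match $pattern)
            {
                [pscustomobject]@{
                    RuleId         = $Matches.RuleId
                    Severity       = $Matches.Severity
                    Resource       = $Matches.Resource
                    Composite      = $Matches.Composite
                    Title          = $Matches.Title
                    InDesiredState = $InDesiredState.IsPresent
                }
            }
            else
            {
                # Non-PowerStig resources in the same MOF are reported, not silently dropped.
                Write-Warning "ResourceId does not follow the PowerStig layout: $id"
            }
        }
    }
}

# Live use, after the MOF above has been applied to the node:
#   $r = Test-DscConfiguration -Detailed
#   $report = @($r.ResourcesNotInDesiredState.ResourceId | Get-StigComplianceSummary) +
#             @($r.ResourcesInDesiredState.ResourceId    | Get-StigComplianceSummary -InDesiredState)
#   $report | Where-Object { -not $_.InDesiredState } | Sort-Object Severity, RuleId | Format-Table

# Offline check with constructed ResourceIds (rule ids, severities and titles taken from this page).
$sample = @(
    '[Registry][V-46477][low][DTBI018-IE11-Publishers Certificate Revocation]::[Browser]IEBaseLine'
    '[Registry][V-1151][low][Secure Print Driver Installation]::[WindowsServer]BaseLine'
    '[Registry][V-36681][medium][WINCC-000048]::[WindowsServer]BaseLine'
    '[File][NotAStigRule]::[Other]Misc'
)
$sample | Get-StigComplianceSummary | Group-Object Severity | Select-Object Name, Count
```

The final pipeline groups the three well-formed ids into two low and one medium finding and warns on the fourth, which is the shape a compliance report built on the ResourceIDs would take.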

PowerStig.Document

An experimental module to create checklists and other types of documentation based on the results of the DSC compliance report. This module generates a checklist, but we are not 100% sure of the workflow, so we wanted to publish the idea and build on it.

For detailed information, please see the Document Wiki

Contributing

We welcome all contributions to the development of PowerStig. There are several different ways you can help. You can create new convert modules, add test automation, improve documentation, fix existing issues, or open new ones. See our contributing guide for more info on how to become a contributor. If you would like to contribute to a Composite Resource, please check out common DSC Resources contributing guidelines.

Thank you to everyone that has reviewed the project and provided feedback through issues. We are especially thankful for those who have contributed pull requests to the code and documentation.

powerstig's Issues

Move templates to Modules

The templates in the templates folder should be moved to their respective module folder with a standard name.

Template.*.txt

I will move the current group template and update the module footers to accommodate the updated module contents.

Issues with

Describe the bug
Update to accommodate Sql Server Stigs

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Edge case where registry range only outputs 1 number because it starts with hex value

Describe the bug
Edge cases in Win10 rule V-63661 and Server2016 rule V-73641 where registry value is a range and starts with a hex value. When the rule was tested for a range it would only output 1 number because it started with a hex value. This causes the organization value to not parse correctly. It was either incomplete or missing.

To Reproduce
Steps to reproduce the behavior:

  1. ConvertTo-PowerStigXml -Path '.\PowerStig\StigData\Archive\Windows.Client\U_Windows_10_STIG_V1R10_Manual-xccdf.xml'

Expected behavior
The organization values should parse correctly

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Server 2016 PermissionRule errors when running ConvertTo-DscStigXml

All the permission rules with a target path of %SystemRoot%\System32\winevt\Logs error because the Server 2016 stig now wraps the event log in quotes instead of parentheses. This causes $permissionTargetPath to be $null in Get-PermissionTargetPath. Maybe create a separate function that can be used inside Get-PermissionTargetPath to identify the operating system for the stig being run. That function could also be used in Convert.PermissionRule.tests.ps1 to filter stig versions in $permissionRulesToTest.

Server 2016 Rule V-73317 errors when running ConvertTo-DscStigXml

This is an AccountPolicyRule. After Get-SecurityPolicyString is run the value of $result returns multiple matches. This causes Get-TestStringTokenList to error out. Add a separate check in Get-SecurityPolicyString so the value of $result only returns one string.

The PowerStig Technology class no longer exists

From @athaynes on August 7, 2018 8:10

Describe the bug

The following code should be removed now that PowerStig has released with the Technology enumeration.

    # BEGIN: This is a temporary fix until PowerStig has migrated the technology class to an enumeration
    if ((New-Object Technology).GetType().BaseType.Name -eq 'Enum')
    {
        # BEGIN: leave this after the temp fix is removed
        $technology = [Technology]::Windows
        # END: leave this after the temp fix is removed
    }
    else
    {
        $technology = [Technology]::New( "Windows" )
    }
    # END: This is a temporary fix until PowerStig has migrated the technology class to an enumeration

To Reproduce
none

Expected behavior
The technology enumeration should only be used in all composite resources.

$technology = [Technology]::WindowsServer

Screenshots
none

Additional context
none

Copied from original issue: microsoft/PowerStigDsc#20

V-80477 Parses incorrectly in 2012R2-MS-2.13 and 2012R2-DC-2.13

Describe the bug
V-80477 is a WindowsFeatureRule that fails conversion because the FeatureName is null

To Reproduce
Steps to reproduce the behavior:

  1. ConvertTo-PowerStigXml -Path
  2. FeatureName will be null

Expected behavior

FeatureName = PowerShell-V2

Screenshots


Additional context

ConvertTo-PowerStigXml does not add new line to eof

Describe the bug
The ConvertTo-PowerStigXml creates a valid XML document, but the output document should end with a new line to comply with the project standards that are enforced with format tests.

To Reproduce
Steps to reproduce the behavior:

  1. convert a STIG file
  2. look at the processed file
  3. the last line of the file is not blank

Expected behavior
The output file should pass the project formatting tests, by ending in a blank line.

SqlServer README and Examples update

From @chasewilson on July 31, 2018 21:47

Is your feature request related to a problem? Please describe.
Sql Server Composite Stig README is not in compliance with the project format and there are no SQL Server Examples

Describe the solution you'd like
Remove SqlServer README and update Project README. Add SqlServer examples to Project

Describe alternatives you've considered

Additional context

Copied from original issue: microsoft/PowerStigDsc#15

2012R2 V-1151 registry path is incorrect

Describe the bug

V-1151 in the 2012R2 processed Stigs have an incorrect registry path.

To Reproduce

Expected behavior

LanManPrintServices should be LanMan Print Services

Screenshots

    <Rule id="V-1151" severity="low" conversionstatus="pass" title="Secure Print Driver Installation" dscresource="Registry">
      <Ensure>Present</Ensure>
      <IsNullOrEmpty>False</IsNullOrEmpty>
      <Key>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanManPrintServices\Servers</Key>
      <OrganizationValueRequired>False</OrganizationValueRequired>
      <OrganizationValueTestString />
      <RawString>If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE 
Registry Path: \System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\

Value Name: AddPrinterDrivers

Value Type: REG_DWORD
Value: 1</RawString>
      <ValueData>1</ValueData>
      <ValueName>AddPrinterDrivers</ValueName>
      <ValueType>Dword</ValueType>
    </Rule>

Additional context

IIS 8.5 Server STIG Rules Parsing Incorrectly

Describe the bug
The following rules are not parsing correctly:
V-76703
V-76723

To Reproduce
Attempt to apply the IISServer STIG sample config

Expected behavior
V-76703 should parse as a manual rule
V-76723.a should supply a value of 'UseCookies' instead of '1'

dscResourceModule is NULL in STIG data

Describe the bug
ConvertTo-PowerStigXml against any STIG. The STIG data xml will have a null value for all dscResourceModule properties

To Reproduce
Steps to reproduce the behavior:

  1. download an xccdf that is supported by PowerSTIG
  2. Run ConvertTo-PowerStigXml
  3. Review output xml for dscResourceModule property

Expected behavior
dscResourceModule would be populated with correct module name

Screenshots

V-46477 in IE STIG is not in the correct format

Describe the bug

In the processed IE browser STIG, V-46477 is provided in hex format. This would not be a problem, but the Browser Composite resource does not toggle the hex flag in the registry resource, so an error is thrown.

To Reproduce

Compile a mof with the browser STIG and see error.

Expected behavior

The registry value should either be provided as an int32 or the hex flag should be toggled when a hex value is presented to the registry resource.

Screenshots

This event indicates that a non-terminating error was thrown when DSCEngine was executing Test-TargetResource on MSFT_RegistryResource DSC resource. FullyQualifiedErrorId is FormatException. Error Message is Exception calling "Parse" with "1" argument(s): "Input string was not in a correct format.".

I pulled up the mof and the resource ID that errored out was this: 

ModuleVersion = "1.1";

ConfigurationName = "Configuration";

};
instance of MSFT_RegistryResource as $MSFT_RegistryResource3ref
{
ResourceID = "[Registry][V-46477][low][DTBI018-IE11-Publishers Certificate Revocation]::[Browser]IEBaseLine";
ValueName = "State";
Key = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing";
Ensure = "Present";
SourceInfo = "C:\\Program Files\\WindowsPowerShell\\Modules\\PowerSTIG\\2.0.0.0\\DSCResources\\Resources\\windows.Registry.ps1::10::5::Registry";
ValueType = "Dword";
ModuleName = "PSDesiredStateConfiguration";
ValueData = {
    "23C00"
};

Additional context

HKCU registry settings fail in Composite resources

Describe the bug

HKCU registry paths are only valid when PsDscRunAsCredential is present to run as an actual user. If a run as credential is not provided, the DSC test methods fail.

To Reproduce

If PsDscRunAsCredential is not provided, the HKCU settings should be filtered out of the results.

Screenshots

Additional context

2012R2 V-36681 registry path is incorrect

Describe the bug

V-36681 in the 2012R2 processed Stigs have an incorrect registry path.

To Reproduce

Expected behavior

ControlPanel should be 'Control Panel'

Screenshots

    <Rule id="V-36681" severity="medium" conversionstatus="pass" title="WINCC-000048" dscresource="Registry">
      <Ensure>Present</Ensure>
      <IsNullOrEmpty>False</IsNullOrEmpty>
      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\ControlPanel\International</Key>
      <OrganizationValueRequired>False</OrganizationValueRequired>
      <OrganizationValueTestString />
      <RawString>If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Control Panel\International\

Value Name: BlockUserInputMethodsForSignIn

Type: REG_DWORD
Value: 1</RawString>
      <ValueData>1</ValueData>
      <ValueName>BlockUserInputMethodsForSignIn</ValueName>
      <ValueType>Dword</ValueType>
    </Rule>

Additional context

Some Server 2016 registry rules fail to update org settings in stig xml and org xml.

These rules don't output an error but they don't update the comment in the org.xml file. These rules are also not completely updated in the stig xml file. The OrganizationValueRequired value is set to true but OrganizationValueTestString and ValueData are blank.

Below is the Check Content from rule V-73561. This is the format for all the registry rules that don't update properly.

Check Content:  
The default behavior is for Data Execution Prevention to be turned on for File Explorer.

If the registry value name below does not exist, this is not a finding.

If it exists and is configured with a value of "0", this is not a finding.

If it exists and is configured with a value of "1", this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Explorer\

Value Name: NoDataExecutionPrevention

Value Type: REG_DWORD
Value: 0x00000000 (0) (or if the Value Name does not exist)

The offending rules in the 2016 MS stig are:
V-73561
V-73563
V-73565
V-73579
V-73587
V-73727

New Stigs need to be added to the Archive

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

No

Describe the solution you'd like
A clear and concise description of what you want to happen.

Need to add the updated STIGs to the archive

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
None

Additional context
Add any other context or screenshots about the feature request here.

Migrating PowerStigDsc into PowerStig

From @athaynes on August 8, 2018 20:43

I wanted to open an issue to communicate that we are planning to collapse PowerStigDsc into PowerStig. There are a few maintenance issues pushing this.

Right now we don’t have the using statements calling a fully qualified module (no version number).
We did that so that we could update PowerStig and not have to update PowerStigDsc, but this causes 2 issues.

  1. You can only have one version of PowerStig on your system.
  2. We have a validate set version on the STIG numbers that need to be updated with PowerStig, so they are tied together anyway.

We have a third project that helps manage the dependencies, but we can collapse most of that back into PowerStig as well. These were all originally broken into different modules to keep the module size down and the scope narrow, but after writing some documentation and talking with different people that are evaluating the project, having multiple modules adds to user complexity, so we want to eliminate as much complexity for everyone by consolidating the projects into a single module to do all things PowerStig related.

I will archive this repo and move all of the PowerStigDsc code and supporting code over to PowerStig this weekend.

Copied from original issue: microsoft/PowerStigDsc#24

SQL Instance Stig Permission rule types Query does not work

Describe the bug

The SetScript query value does not work and needs to be updated

To Reproduce

Expected behavior

When the get query finds a user with specified permissions, the SetScriptQuery should remove that user's permissions.

Screenshots

Additional context

Server 2012R2 - V-15713 - Organizational default value fails SCAP scan.

Describe the bug
Within version 2.13 of the Server 2012R2 STIG; a dword Value of "3" is applied to HKLM:\Software\Polices\Microsoft\Windows Defender\Spynet which leads to failed SCAP scans. The setting needs to be set to "0" by default. This setting is applied by the default organizational default XML.

To Reproduce
Apply version 2.13 of the Server 2012R2 STIG and execute a scap scan on the Server it's being applied to.

Expected behavior
Receiving 100% compliance on SCAP scan.

V-73379 parses incorrectly

V-73379 parses as a registry rule but should parse as a manual or share rule.

This applies to domain controllers. It is NA for other systems.

Run "Regedit".

Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters".

Note the directory locations in the values for "DSA Database file".

Open "Command Prompt".

Enter "net share".

Note the logical drive(s) or file system partition for any organization-created data shares.

Ignore system shares (e.g., NETLOGON, SYSVOL, and administrative shares ending in $). User shares that are hidden (ending with $) should not be ignored.

If user shares are located on the same logical partition as the directory server data files, this is a finding.

Update Composite to apply the FireFox STIG

Is your feature request related to a problem? Please describe.

Update Composite so the FireFox can be applied

Describe the solution you'd like

Update Composite so the FireFox can be applied

Define project scope

There is no published scope of work for this project.

Will this be used for non-MSFT STIGs as well for products that support Powershell directly (VMWare)? What about other third party OS STIGS, which might be able to be managed with PS 6.0, like RedHat?
How about other third party OS STIGs, which are not supported by PS, such as Cisco?

Windows 10 STIG data file is created without a role in the file name

Describe the bug
A clear and concise description of what the bug is.
Windows 10 STIG data file is created without a role in the file name

To Reproduce
Steps to reproduce the behavior:

  1. Run ConvertTo-PowerStigXml -Path "U_Windows_10_V1R13_Manual_STIG\U_Windows_10_STIG_V1R13_Manual-xccdf.xml"

  2. Converted Output: D:\Source\PowerStig\StigData\Processed\Windows-10--1.13.xml

The file name is missing the role.

Expected behavior
Should return:
Converted Output: D:\Source\PowerStig\StigData\Processed\Windows-10-Client-1.13.xml

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Data.ps1 isn't being loaded in to Functions.PowerStigXml.ps1

When ConvertTo-PowerStigXml gets to line 67 it starts outputting errors because the variables from the Convert.Stig\Data.ps1 are never loaded. All the variables end up being $null.

Below is one of the many errors that get generated:

PSMessageDetails      :
Exception             : System.Management.Automation.MethodInvocationException: Exception calling "SetAttribute" with "2"
                        argument(s): "The attribute local name cannot be empty." ---> System.ArgumentException: The attribute local
                        name cannot be empty.
                           at System.Xml.XmlAttribute..ctor(XmlName name, XmlDocument doc)
                           at System.Xml.XmlDocument.CreateAttribute(String prefix, String localName, String namespaceURI)
                           at System.Xml.XmlDocument.CreateAttribute(String name)
                           at System.Xml.XmlElement.SetAttribute(String name, String value)
                           at SetAttribute(Object , Object[] )
                           at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments,
                        MethodInformation methodInformation, Object[] originalArguments)
                           --- End of inner exception stack trace ---
                           at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments,
                        MethodInformation methodInformation, Object[] originalArguments)
                           at System.Management.Automation.DotNetAdapter.MethodInvokeDotNet(String methodName, Object target,
                        MethodInformation[] methodInformation, PSMethodInvocationConstraints invocationConstraints, Object[]
                        arguments)
                           at System.Management.Automation.DotNetAdapter.MethodInvoke(PSMethod method, PSMethodInvocationConstraints
                        invocationConstraints, Object[] arguments)
                           at System.Management.Automation.Adapter.BaseMethodInvoke(PSMethod method, PSMethodInvocationConstraints
                        invocationConstraints, Object[] arguments)
                           at lambda_method(Closure , Object[] , StrongBox`1[] , InterpretedFrame )
TargetObject          :
CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : DotNetMethodException
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at ConvertTo-PowerStigXml<Process>, C:\Program
                        Files\WindowsPowerShell\Modules\powerstig\Module\Convert.Main\Functions.PowerStigXml.ps1: line 125
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}

ActiveDirectoryAuditRuleEntry is missing.

From @athaynes on June 19, 2018 17:52

In common/windows.AccessControl.ps1 there is a switch to select the AccessEntry type, but ActiveDirectoryAuditRuleEntry is missing from the switch.

These rules are not being added to the output mof.

The WindowsServer.integration.tests.ps1 has been updated to filter out ActiveDirectoryAuditRuleEntry rules. Once this issue is updated, the Permissions Context should be updated to remove the filter.

Copied from original issue: microsoft/PowerStigDsc#1

Binary Registry bug within PSDesiredStateConfiguration "Registry" Resource

From @JakeDean3631 on July 26, 2018 15:47

Describe the bug
Attempting to set a binary registry key to 0 will result in the key being set to "zero-length binary value" due to a bug with the registry resource parsing the value of 0 into a binary format.

To Reproduce
Steps to reproduce the behavior:

  1. Create a test configuration containing the following:

Configuration TestConfig
{
    param
    (
        [string] $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    # DSC's node block keyword is Node; the node name is passed in as a parameter.
    Node $NodeName
    {
        Registry 'Registry(INF): HKLM:\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing'
        {
            ValueName = 'FullPrivilegeAuditing'
            ValueType = 'Binary'
            Key       = 'HKLM:\System\CurrentControlSet\Control\Lsa'
            ValueData = 0          # reproduces the bug: written as a zero-length binary value
            Ensure    = 'Present'
            Force     = $true
        }
    }
}

  2. Generate a MOF and push the configuration.
  3. Check the HKLM:\System\CurrentControlSet\Control\Lsa registry key, it will be set to "Zero-Length Binary Value."
  4. Set the valuedata to 1, and it will parse correctly, resulting in the key being set to "01"
  5. Regardless of how you attempt to set the "00" value, it will result in the "Zero-Length Binary Value"

Expected behavior
HKLM:\System\CurrentControlSet\Control\Lsa registry key should be set to "00"

Screenshots

Additional context
Work-around is importing the xPSDesiredStateConfiguration module and using the xRegistry resource, which will parse the value of "0" into a binary key of "00"

Example:

Configuration TestConfig
{
    param
    (
        [string] $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName 'xPSDesiredStateConfiguration'

    Node $NodeName
    {
        xRegistry 'Registry(INF): HKLM:\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing'
        {
            ValueName = 'FullPrivilegeAuditing'
            ValueType = 'Binary'
            Key       = 'HKLM:\System\CurrentControlSet\Control\Lsa'
            ValueData = 0          # xRegistry writes this as the single byte "00"
            Ensure    = 'Present'
            Force     = $true
        }
    }
}

Link to the original bug: PowerShell/DscResources#203

Copied from original issue: microsoft/PowerStigDsc#14

IE rule V-46477 errors when running ConvertTo-PowerStigXml

This is a RegistryRule in all the Internet Explorer stigs. The Software Publishing Criteria key doesn't exist in that rule. The stig info is misleading on the DISA site. The full key path should read HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Inconsistent var/constant/parameter names in Convert.PermissionRule/Methods.ps1

/Microsoft/PowerStig/Module/Convert.PermissionRule/Methods.ps1

'inheritance' and 'inheritence' are used interchangeably in the code, such as here:

$Inheritance = $script:inheritenceConstant[[string]$inheritance.trim()]

This will make it very difficult to modify these methods in the future.

Fix: All instances of 'inheritence' should be changed to 'inheritance'

Adding STIG data for newly released DISA STIGs

Is your feature request related to a problem? Please describe.
StigData is needed for the newest versions of the following STIGs:
Windows-Server-2012R2-MS-2.13
Windows-Server-2012R2-DC-2.13
Windows-2012-DNS-1.10
Windows-All-Domain-2.10
Windows-All-Forest-2.8
Windows-All-IE11-1.16

Describe the solution you'd like
StigData added for the newest versions of the following STIGs:
Windows-Server-2012R2-MS-2.13
Windows-Server-2012R2-DC-2.13
Windows-2012-DNS-1.10
Windows-All-Domain-2.10
Windows-All-Forest-2.8
Windows-All-IE11-1.16

Describe alternatives you've considered
n/a

Additional context
n/a

Registry change modified by IE11 xml isn't persistent after logon

Rule id V-46477 is the rule affected in the Windows-All-IE11-1.15.xml file. This isn't necessarily a problem with this module but I'm hoping someone here has some insight on this.

After logon the value of State changes from 23C00 back to its default of 23E00. Not using RDP for us right now isn't really an option so that's out.

I've found an old Microsoft article that talks about this exact problem but it references Server 2008/2008 R2. It says that if you use Group Policy to update the 'Check for signatures on downloaded programs' setting then it directly conflicts with the registry fix applied by this rule.

Has anyone seen this or know of a more current hotfix? Without that the changes made by this rule essentially do nothing.

Update PowerSTIG to support the Windows 10 Client Stig

Is your feature request related to a problem? Please describe.
Update PowerSTIG to support the most recent Windows 10 Client Stig

Describe the solution you'd like
Update PowerSTIG to support the most recent Windows 10 Client Stig

Windows Server Module can't be found

I know everything was just migrated but I don't see a WindowsServer.ps1 file. After I install and import the PowerStig module, I tried to compile one of the example mofs and keep getting an error that the Windows Server module wasn't found in any directory. I'm a noob to PowerStig. Any help is appreciated.

Dot NET STIG 1.4 rule V-30935 parses incorrectly

From @ldillonel on July 2, 2018 19:10

Convert the .NET STIG version 1.4 with PowerStigConvert. Review the STIG data.
Rule V-30935 will parse with valueData = 1
Should be valueData = 0

Copied from original issue: Microsoft/PowerStigConvert#1

Rule V-15505 returns the wrong service name for the McAfee agent

Describe the bug
Rule V-15505 returns the wrong service name for the McAfee agent

To Reproduce
Steps to reproduce the behavior:

  1. Run ConvertFrom-StigXccdf
  2. Review serviceName for rule V-15505

Expected behavior
Should return McAfee agent service name of masvc

Stig rules in the StigData contain properties intended to be on the parent element

Describe the bug
All stig data contains rules with the properties intended for the parent (DscResource, Id, Severity, ConversionStatus)

To Reproduce
Steps to reproduce the behavior:

  1. Generate STIG data
  2. Inspect any rule in the STIG data

Expected behavior
StigData is produced with child elements that do not contain properties intended for the parent element.
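
The check below is an added example, not PowerSTIG project code: it loads a StigData-style XML document and lists every Rule element whose child elements repeat the properties that belong on the parent Rule as attributes (DscResource, Id, Severity, ConversionStatus), which is the condition this report describes. The sample document is constructed for the example; the outer element names and the rule id V-99999 are placeholders, and the function only relies on finding `<Rule>` elements.

```powershell
# Added example (not PowerSTIG project code): flag Rule elements that carry
# parent-only properties as child elements. The sample XML is constructed.

function Test-StigRuleSchema {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [xml]$StigXml,

        # Names that must be attributes of <Rule>, never child elements (assumed list).
        [string[]]$ParentOnlyProperty = @('DscResource', 'Id', 'Severity', 'ConversionStatus')
    )

    $findings = @(foreach ($rule in $StigXml.SelectNodes('//Rule')) {
        $misplaced = @($rule.ChildNodes |
            Where-Object { $_.NodeType -eq 'Element' -and $ParentOnlyProperty -contains $_.LocalName } |
            ForEach-Object { $_.LocalName })
        if ($misplaced.Count -gt 0) {
            [pscustomobject]@{
                RuleId    = $rule.GetAttribute('id')
                Misplaced = ($misplaced -join ', ')
            }
        }
    })
    return $findings
}

# Constructed sample: one clean rule and one rule (placeholder id V-99999) that
# repeats the parent attributes as child elements.
$sample = [xml]@'
<DISASTIG>
  <RegistryRule>
    <Rule id="V-4448" severity="medium" conversionstatus="pass" dscresource="Registry">
      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</Key>
      <ValueName>NoGPOListChanges</ValueName>
      <ValueData>0</ValueData>
      <ValueType>Dword</ValueType>
    </Rule>
    <Rule id="V-99999" severity="low" conversionstatus="pass" dscresource="Registry">
      <DscResource>Registry</DscResource>
      <Id>V-99999</Id>
      <Severity>low</Severity>
      <ConversionStatus>pass</ConversionStatus>
      <Key>HKEY_LOCAL_MACHINE\Software\Example</Key>
    </Rule>
  </RegistryRule>
</DISASTIG>
'@

$result = @(Test-StigRuleSchema -StigXml $sample)
$result | Format-Table -AutoSize
# Expected: one finding, for V-99999, listing DscResource, Id, Severity, ConversionStatus.
if ($result.Count -gt 0) {
    Write-Warning "$($result.Count) rule(s) carry parent-only properties as child elements."
}
```

Run it against a real processed StigData file with `Test-StigRuleSchema -StigXml ([xml](Get-Content -Raw .\SomeStig.xml))`; an empty result means the schema is clean. A Pester test built on the same function would catch a regression of this bug at PR time.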

PowerStigXml Delta files

I don't really like publishing a full XML file with every STIG release, because it is a lot of data to go through in a PR. Since the files are new, there is nothing to compare a new parsed STIG against. Compare-PowerStigXml will highlight deltas, but that is run outside of the PR process and requires a reviewer to pull the code down and run the compare locally.

I propose that we highlight the deltas in the xccdf Compare-XccdfXml and only parse them and output the PowerStigXml as a delta file to the previous Stig version. Each major STIG version would be a full parse and each minor release would be a delta parse.

This would make the PR for new PowerStigXml files much smaller and easier to validate. We can also add a test that validates (hashes) the delta file and its parsed content. The PowerStig module will handle all of the data merging so it will be transparent to the caller (PowerStigDsc).

PowerShellGallery Doesn't have proper dependencies listed

Describe the bug
Powershell Gallery does not have any dependencies listed for PowerSTIG version 2.0.0.0. The psd1 file format changed and powershell gallery can't read it properly.

Without dependencies, Find-Module does not install the required dependent modules. Save-Module does not download the required modules either.

To Reproduce

Additional context
Need to have ability to resolve dependencies with Find-Module.

Class Help content is not in the correct format

The PowerShell help system does not use inline help but does use an external help file. The inline help content can be extracted out, but only if it is in the correct format for an AST extraction. Most of the class help text is spread across the classes themselves and needs to be moved to the top of the class help section. By updating the help we can automatically build help and wiki content.

2012R2 V-4448 registry path is incorrect

Describe the bug

V-4448 in the 2012R2 processed Stigs has an incorrect registry path.

To Reproduce

Expected behavior

GroupPolicy should be 'Group Policy'

Screenshots

    <Rule id="V-4448" severity="medium" conversionstatus="pass" title="Group Policy - Registry Policy Processing" dscresource="Registry">
      <Ensure>Present</Ensure>
      <IsNullOrEmpty>False</IsNullOrEmpty>
      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GroupPolicy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</Key>
      <OrganizationValueRequired>False</OrganizationValueRequired>
      <OrganizationValueTestString />
      <RawString>If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\

Value Name: NoGPOListChanges

Type: REG_DWORD
Value: 0</RawString>
      <ValueData>0</ValueData>
      <ValueName>NoGPOListChanges</ValueName>
      <ValueType>Dword</ValueType>
    </Rule>

Additional context
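
The audit function below is an added example, not PowerSTIG project code. It checks the V-4448 value at the registry path quoted in the STIG check text (with the space in "Group Policy") and, as a detection aid, reports whether a value was written instead to the mis-parsed path without the space, so an administrator can tell a genuine finding from a rule that was applied to the wrong key. The function name and parameter defaults are this example's own; the key, value name and expected value come from the RawString above.

```powershell
# Added example (not PowerSTIG project code): audit V-4448 at the correct key and
# detect a value left under the mis-parsed key. Run on the target node.

function Test-GpoRegistryPolicyProcessing {
    [CmdletBinding()]
    param (
        # Path from the STIG check text (note the space in "Group Policy").
        [string]$ExpectedKey = 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}',

        # Path produced by the mis-parsed rule (no space); used only for detection.
        [string]$MisparsedKey = 'HKLM:\Software\Policies\Microsoft\Windows\GroupPolicy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}',

        [string]$ValueName = 'NoGPOListChanges',

        # REG_DWORD 0 per the STIG text.
        [int]$ExpectedValue = 0
    )

    $actual = $null
    if (Test-Path -LiteralPath $ExpectedKey) {
        $actual = (Get-ItemProperty -LiteralPath $ExpectedKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    }

    $strayValue = $null
    if (Test-Path -LiteralPath $MisparsedKey) {
        $strayValue = (Get-ItemProperty -LiteralPath $MisparsedKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    }

    [pscustomobject]@{
        RuleId          = 'V-4448'
        ExpectedKey     = $ExpectedKey
        ValueName       = $ValueName
        ExpectedValue   = $ExpectedValue
        ActualValue     = $actual
        # The STIG text treats a missing value the same as a wrong value: both are a finding.
        Compliant       = ($null -ne $actual) -and ([int]$actual -eq $ExpectedValue)
        MisparsedKeyHit = ($null -ne $strayValue)
    }
}

$audit = Test-GpoRegistryPolicyProcessing
$audit | Format-List
if ($audit.MisparsedKeyHit -and -not $audit.Compliant) {
    Write-Warning 'Value exists only under the path without the space; Group Policy reads the path with the space, so the rule is still a finding.'
}
```

`MisparsedKeyHit` being true with `Compliant` false is the signature of this bug on a node that was configured from the affected StigData: the DSC run reported success, but the policy-processing setting is unchanged where Group Policy actually reads it.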

Add SQL 2012 Instance 1.17 STIG

Is your feature request related to a problem? Please describe.

SQL 2012 Instance STIG has a newer version available

Describe the solution you'd like

A converted and Archived version should be available

Describe alternatives you've considered

Additional context

PowerStig Baseline Scanning and Reporting

Is your feature request related to a problem? Please describe.
To implement PowerStig, you must know the exemptions and skip rules. If not, you could break your current machines. There needs to be a way to reduce the Technical Debt to start using PowerStig at least in a Monitor and Report function. There is no automated tool to identify the exemptions and org settings for current machines.

Describe the solution you'd like
There needs to be a built-in tool module that can scan and report on a machine's STIG compliance without changing the system. This tool will have a baseline mof for each stig and scan the system. Then generate a stig exemption file or skip rule file for later consumption by PowerStig Config that will apply STIG settings. Also this tool will need to produce an aggregated report to management of STIG compliance. Lastly there will be a feature to provide automated documentation for consumption by the RMF process.

Describe alternatives you've considered
Adding a field in the current PowerStigDsc module that would override the Set script and not modify the system but monitor and report.

Suggested Feature for PowerStigDSC:

  • MonitorAndReport = $true
  • GenerateStigExceptionFile = $true
  • IncludeValuesInStigExceptionFile = $true

Additional context
For my organization to adopt PowerStig, DevOps, and accreditation of a config instead of a machine, there needs to be a low cost of entry to show management the value and status of the network. Adding into PowerStig a scanning tool that will report on the STIG status will enable an immediate adoption of using PowerStig without the technical debt. If this feature is implemented, then using PowerStig to implement STIG settings will be easier for management to accept and administrators to identify their exemptions. With this staged process, PowerStig will be easier to adopt by the majority of government systems.
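
One way to get the monitor-and-report behaviour requested here without any change to PowerStig itself, as an added example that is not project code: evaluate a compiled MOF against the local node with the built-in `Test-DscConfiguration -ReferenceConfiguration` parameter (available since WMF 5.0), which runs only the Test method of each resource and never calls Set. The function writes a per-resource CSV and a list of resources currently out of desired state as candidates for a skip-rule review. The MOF path, report paths and the assumption that PowerSTIG resource ids carry the STIG rule id are this example's own.

```powershell
# Added example (not PowerSTIG project code): audit-only compliance report from a
# compiled MOF. Nothing is applied to the node.

function Get-StigComplianceReport {
    [CmdletBinding()]
    param (
        # Path to a MOF compiled from a PowerSTIG composite resource (assumed location).
        [Parameter(Mandatory)]
        [ValidateScript({ Test-Path -LiteralPath $_ })]
        [string]$ReferenceMof,

        [string]$ReportPath = (Join-Path $env:TEMP 'StigComplianceReport.csv'),
        [string]$SkipRuleCandidatePath = (Join-Path $env:TEMP 'StigSkipRuleCandidates.txt')
    )

    # Test only: Test-DscConfiguration with -ReferenceConfiguration does not invoke Set.
    $test = Test-DscConfiguration -ReferenceConfiguration $ReferenceMof -Detailed

    $rows = @(foreach ($res in @($test.ResourcesInDesiredState) + @($test.ResourcesNotInDesiredState)) {
        if ($null -eq $res) { continue }
        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            ResourceId     = $res.ResourceId
            ResourceName   = $res.ResourceName
            InDesiredState = $res.InDesiredState
            Checked        = (Get-Date -Format o)
        }
    })
    $rows | Export-Csv -LiteralPath $ReportPath -NoTypeInformation

    # Resources that deviate today are the starting point for an exception or skip-rule
    # review. PowerSTIG names its resources after the STIG rule id (assumed), so the
    # ResourceId column maps back to a rule.
    $notInState = @($rows | Where-Object { -not $_.InDesiredState })
    $notInState | Select-Object -ExpandProperty ResourceId | Set-Content -LiteralPath $SkipRuleCandidatePath

    [pscustomobject]@{
        InDesiredState        = $test.InDesiredState
        TotalResources        = $rows.Count
        NotInDesiredState     = $notInState.Count
        ReportPath            = $ReportPath
        SkipRuleCandidatePath = $SkipRuleCandidatePath
    }
}

# Usage (MOF path assumed):
# Get-StigComplianceReport -ReferenceMof 'C:\Mofs\localhost.mof'
```

Because the reference MOF is never pushed to the LCM, the node's current configuration is untouched, which is the low-cost first step this request asks for; the CSV from several nodes can be concatenated for the aggregated management view.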
