From 634f0b19ebdbffcd0b33da509a9057df9bf9a06f Mon Sep 17 00:00:00 2001
From: Daniel Medina
Date: Fri, 15 Nov 2024 12:33:55 -0500
Subject: [PATCH] test laps config checking
---
 controls/SV-205657.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/controls/SV-205657.rb b/controls/SV-205657.rb
index f0a0284..f2a82f4 100644
--- a/controls/SV-205657.rb
+++ b/controls/SV-205657.rb
@@ -58,6 +58,23 @@
 end
 end
 end
+
+ # Verify LAPS configuration
+ laps_config = command('Get-GPResultantSetOfPolicy -Computer -ReportType XML | Select-String -Pattern "LAPS"').stdout
+ describe 'LAPS Configuration' do
+ it 'LAPS must be configured and operational.' do
+ expect(laps_config).not_to be_empty
+ end
+ end
+
+ # Verify LAPS operational logs
+ laps_logs = command('Get-WinEvent -LogName "Microsoft-Windows-LAPS/Operational" | Select-Object -First 1').stdout
+ describe 'LAPS Operational Logs' do
+ it 'LAPS policy process must be completing.' do
+ expect(laps_logs).not_to be_empty
+ end
+ end
+
+ local_password_set_date = json({ command: "Get-LocalUser -name #{administrator} | Where-Object {$_.PasswordLastSet -le (Get-Date).AddDays(-60)} | Select-Object -ExpandProperty PasswordLastSet | ConvertTo-Json" })
 local_date = local_password_set_date['DateTime']
 describe 'Password Last Set Date' do
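Review bot: Both added checks can pass on a host where LAPS is not actually enforcing anything, because each only asserts that stdout is non-empty: `Select-String -Pattern "LAPS"` matches any mention of the string in the RSoP output, including a setting that is present but disabled, and `Select-Object -First 1` accepts any event in the operational log, including a failure event. For the log check, filter on the event that records successful policy processing, e.g. `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-LAPS/Operational'; Id=10004} -MaxEvents 1` (10004 is the Windows LAPS success event as far as I know; confirm it on the target build). The RSoP command also looks unlikely to run as written, since `-Computer` is given no value and `Get-GPResultantSetOfPolicy` writes its report to `-Path` rather than to the pipeline, so the first describe would probably fail on every host; reading the LAPS policy values directly with the `registry_key` resource would be a steadier test. Both commands run at the control's top level, and the enclosing `control` block starts and ends outside the hunk, so it is not visible whether an earlier branch should skip them.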