The National Security Agency (NSA), along with authorities from New Zealand and the United Kingdom, has released a joint Cybersecurity Information Sheet (CIS) on security practices for using Microsoft PowerShell. The information sheet provides recommendations for proper configuration and monitoring, using capabilities and features such as PowerShell remoting and remoting over SSH, Deep Script Block Logging (DSBL) and module logging, and Over-the-Shoulder (OTS) transcription. These recommendations are intended to help system administrators and other IT staff members detect and prevent abuse by adversaries, while enabling legitimate use.
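The following read-only check is an added example, not taken from the CIS or the original page. It reads the Group Policy registry values that control script block logging, module logging and transcription for Windows PowerShell 5.1 and reports which of the three are enabled; the report layout and helper name are this example's own.

```powershell
# Added example: audit the policy settings behind the three logging features
# named above. Read-only; changes nothing on the host.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Policy keys and values for Windows PowerShell 5.1.
# PowerShell 7 has its own policy key (HKLM:\SOFTWARE\Policies\Microsoft\PowerShellCore).
$checks = @(
    @{ Feature = 'Script block logging'; Key = 'ScriptBlockLogging'; Value = 'EnableScriptBlockLogging' }
    @{ Feature = 'Module logging';       Key = 'ModuleLogging';      Value = 'EnableModuleLogging' }
    @{ Feature = 'Transcription';        Key = 'Transcription';      Value = 'EnableTranscripting' }
)

# Hypothetical helper: return one registry value, or $null if key/value is absent.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($c in $checks) {
    $path = Join-Path $base $c.Key
    $raw  = Get-PolicyValue -Path $path -Name $c.Value
    $note = ''

    if ($c.Key -eq 'ModuleLogging' -and $raw -eq 1) {
        # Module logging records nothing unless module names are listed under ModuleNames.
        $names = Get-Item -Path (Join-Path $path 'ModuleNames') -ErrorAction SilentlyContinue
        $note  = if ($names -and $names.Property.Count -gt 0) {
            "Modules: $($names.Property -join ', ')"
        } else { 'Enabled, but no modules listed' }
    }
    if ($c.Key -eq 'Transcription' -and $raw -eq 1) {
        # Without OutputDirectory, transcripts land in each user's Documents folder.
        $dir  = Get-PolicyValue -Path $path -Name 'OutputDirectory'
        $note = if ($dir) { "OutputDirectory: $dir" } else { 'Default per-user directory' }
    }

    [pscustomobject]@{
        Feature = $c.Feature
        Enabled = ($raw -eq 1)
        Note    = $note
    }
}
$report | Format-Table -AutoSize
```

A feature reported as not enabled here may still be switched on per user under the matching HKCU policy key, which this check does not read.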
The table below is included in the CIS to help administrators quickly view which features are included in various PowerShell versions.
References
Cybersecurity Information Sheet:
Keeping PowerShell: Measures to Use and Embrace
SANS Month of PowerShell blog series:
https://www.sans.org/blog/getting-started-with-powershell/
bleepingcomputer:
NSA shares tips on securing Windows devices with PowerShell
Microsoft PowerShell lets you track Windows Registry changes
Microsoft:
Differences Between PowerShell 5.1 and PowerShell 7.x