CIS Microsoft Windows 10 Enterprise RTM (Release 1507) Benchmark

More documents

Recommendations

Info

18.3.12 (L2) Set 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' to 'Enabled: 3' (Scored) .................................. 418 18.3.13 (L1) Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to 'Enabled: 90% or less' (Scored) ................................................................................................................................................................... 420 18.4 Network ............................................................................................................................................ 422 18.4.8.1 (L2) Set 'Turn on Mapper I/O (LLTDIO) driver' to 'Disabled' (Scored) ...... 424 18.4.8.2 (L2) Set 'Turn on Responder (RSPNDR) driver' to 'Disabled' (Scored) ...... 426 18.4.9.2 (L2) Set 'Turn off Microsoft Peer-to-Peer Networking Services' to 'Enabled' (Scored) ................................................................................................................................................. 428 18.4.10.2 (L1) Set 'Prohibit installation and configuration of Network Bridge on your DNS domain network' to 'Enabled' (Scored) .......................................................................... 430 18.4.10.3 (L1) Set 'Require domain users to elevate when setting a network's location' to 'Enabled' (Scored) ..................................................................................................... 432 18.4.13.1 (L1) Set 'Hardened UNC Paths' to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares' (Scored) ................................................................................................................................................. 435 18.4.18.2.1 (L2) Disable IPv6 (Set TCPIP6 Parameter 'DisabledComponents' to '0xff (255)') (Scored) .................................................................................................................................. 439 18.4.19.1 (L2) Set 'Configuration of wireless settings using Windows Connect Now' to 'Disabled' (Scored) ....................................................................................................................... 441 18.4.19.2 (L2) Set 'Prohibit access of the Windows Connect Now wizards' to 'Enabled' (Scored) ............................................................................................................................. 443 18.4.20.1 (L1) Set 'Prohibit connection to non-domain networks when connected to domain authenticated network' to 'Enabled' (Scored) ....................................................... 445 18.4.22.2.1 (L1) Set 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' to 'Disabled' (Scored) ............................................................................................................................ 449 18.5 Printers ............................................................................................................................................. 451 18.6 SCM: Pass the Hash Mitigations .............................................................................................. 452 15 | P a g e
18.6.1 (L1) Set 'Apply UAC restrictions to local accounts on network logons' to 'Enabled' (Scored) ............................................................................................................................. 452 18.6.2 (L1) Set 'WDigest Authentication' to 'Disabled' (Scored) .................................... 454 18.7 Start Menu and Taskbar ............................................................................................................. 456 18.8 System ............................................................................................................................................... 457 18.8.2.1 (L1) Set 'Include command line in process creation events' to 'Disabled' (Scored) ................................................................................................................................................. 457 18.8.5.1.1 (BL) Set 'Prevent installation of devices that match any of these device IDs' to 'Enabled' (Scored) ............................................................................................................... 460 18.8.5.1.2 (BL) Set 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' to 'PCI\CC_0C0A' (Scored) .................................................................................................................. 462 18.8.5.1.3 (BL) Set 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' to 'True' (checked) (Scored) ................................................................................................................................................. 464 18.8.5.1.4 (BL) Set 'Prevent installation of devices using drivers that match these device setup classes' to 'Enabled' (Scored) ............................................................................. 466 18.8.5.1.5 (BL) Set 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' to '{d48179be-ec20-11d1-b6b8-00c04fa372a7}' (Scored) ................................ 468 18.8.5.1.6 (BL) Set 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' to 'True' (checked) (Scored) ............................................................................................................... 470 18.8.11.1 (L1) Set 'Boot-Start Driver Initialization Policy' to 'Enabled: Good, unknown and bad but critical' (Scored) ................................................................................... 473 18.8.18.2 (L1) Set 'Configure registry policy processing: Do not apply during periodic background processing' to 'Enabled: FALSE' (Scored) ..................................... 476 18.8.18.3 (L1) Set 'Configure registry policy processing: Process even if the Group Policy objects have not changed' to 'Enabled: TRUE' (Scored) ....................................... 478 18.8.18.4 (L1) Set 'Turn off background refresh of Group Policy' to 'Disabled' (Scored) ................................................................................................................................................. 479 16 | P a g e
Page 1 and 2: CIS Microsoft Windows 10 Enterprise
Page 3 and 4: Table of Contents Table of Contents
Page 5 and 6: 2.2.21 (L1) Set 'Enable computer an
Page 7 and 8: 2.3.7.3 (BL) Set 'Interactive logon
Page 9 and 10: 2.3.11.5 (L1) Set 'Network security
Page 11 and 12: 9.1.6 (L1) Set 'Windows Firewall: D
Page 13 and 14: 14 Network Access Protection NAP Cl
Page 15: 18.2.5 (L1) Set 'Password Settings:
Page 19 and 20: 18.8.24.2 (L1) Set 'Do not enumerat
Page 21 and 22: 18.9.11.1.10 (BL) Set 'Configure us
Page 23 and 24: 18.9.11.2.19 (BL) Set 'Require addi
Page 25 and 26: 18.9.13.3 (L2) Set 'Require trusted
Page 27 and 28: 18.9.48.3.9.3 (L1) Set 'Set client
Page 29 and 30: 19.7 Windows Components ...........
Page 31 and 32: Typographical Conventions The follo
Page 33 and 34: Acknowledgements This benchmark exe
Page 35 and 36: Rationale: The longer a user uses t
Page 37 and 38: 1.1.2 (L1) Set 'Maximum password ag
Page 39 and 40: 1.1.3 (L1) Set 'Minimum password ag
Page 41 and 42: 1.1.4 (L1) Set 'Minimum password le
Page 43 and 44: 1.1.5 (L1) Set 'Password must meet
Page 45 and 46: References: 1. CCE-33777-4 44 | P a
Page 47 and 48: Default Value: Disabled References:
Page 49 and 50: Remediation: To establish the recom
Page 51 and 52: Impact: If this policy setting is e
Page 57 and 58: Impact: If you remove the Access th
Page 59 and 60: 2.2.4 (L1) Set 'Adjust memory quota
Page 61 and 62: 2.2.5 (L1) Set 'Allow log on locall
Page 63 and 64: 2.2.6 (L1) Set 'Allow log on throug
Page 65 and 66: 2.2.7 (L1) Set 'Back up files and d
Page 67 and 68:
2.2.8 (L1) Set 'Change the system t
Page 69 and 70:
Impact: There should be no impact,
Page 71 and 72:
2.2.10 (L1) Set 'Create a pagefile'
Page 73 and 74:
Default Value: No one References: 1
Page 75 and 76:
Default Value: Administrators, LOCA
Page 77 and 78:
2.2.14 (L1) Set 'Create symbolic li
Page 79 and 80:
2.2.15 (L1) Set 'Debug programs' to
Page 81 and 82:
2.2.16 (L1) Set 'Deny access to thi
Page 83 and 84:
2.2.17 (L1) Set 'Deny log on as a b
Page 85 and 86:
Rationale: Accounts that can log on
Page 87 and 88:
Default Value: Guest References: 1.
Page 89 and 90:
Impact: If you assign the Deny log
Page 91 and 92:
References: 1. CCE-33778-2 90 | P a
Page 93 and 94:
Default Value: Administrators Refer
Page 95 and 96:
Page 97 and 98:
Audit: Navigate to the UI Path arti
Page 99 and 100:
Page 101 and 102:
Default Value: Administrators Refer
Page 103 and 104:
2.2.28 (L1) Set 'Manage auditing an
Page 105 and 106:
2.2.30 (L1) Set 'Modify firmware en
Page 107 and 108:
2.2.31 (L1) Set 'Perform volume mai
Page 109 and 110:
Impact: If you remove the Profile s
Page 111 and 112:
References: 1. CCE-35001-7 110 | P
Page 113 and 114:
Default Value: LOCAL SERVICE, NETWO
Page 115 and 116:
Impact: If you remove the Restore f
Page 117 and 118:
Impact: The impact of removing thes
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Remediation: To establish the recom
Page 125 and 126:
Impact: All network users will need
Page 127 and 128:
Impact: None. This is the default c
Page 129 and 130:
Impact: You will have to inform use
Page 131 and 132:
2.3.2 Audit This section contains r
Page 133 and 134:
2.3.2.2 (L1) Set 'Audit: Shut down
Page 135 and 136:
2.3.3 DCOM This section is intentio
Page 137 and 138:
Impact: None - the default value is
Page 139 and 140:
2.3.6 Domain member This section co
Page 141 and 142:
Digital encryption and signing of t
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Impact: Users will not see their us
Page 155 and 156:
Impact: Unless they use a smart car
Page 157 and 158:
Rationale: This policy setting dete
Page 159 and 160:
2.3.7.4 (L1) Set 'Interactive logon
Page 161 and 162:
2.3.7.5 (L1) Configure 'Interactive
Page 163 and 164:
2.3.7.6 (L1) Configure 'Interactive
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
2.3.8 Microsoft network client This
Page 173 and 174:
Impact: The Windows 2000 Server, Wi
Page 175 and 176:
Page 177 and 178:
Default Value: Disabled References:
Page 179 and 180:
Computer Configuration\Policies\Win
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Impact: Disabled is the default con
Page 191 and 192:
Impact: It will be impossible to es
Page 193 and 194:
Impact: It will be impossible to gr
Page 195 and 196:
Impact: Users will be forced to ent
Page 197 and 198:
Default Value: Disabled References:
Page 199 and 200:
Default Value: None References: 1.
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
2.3.10.9 (L1) Set 'Network access:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
2.3.11 Network security This sectio
Page 213 and 214:
2.3.11.2 (L1) Set 'Network security
Page 215 and 216:
2.3.11.3 (L1) Set 'Network Security
Page 217 and 218:
2.3.11.4 (L1) Set 'Network Security
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Rationale: In Windows Vista, this s
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
2.3.11.10 (L1) Set 'Network securit
Page 233 and 234:
2.3.12 Recovery console This sectio
Page 235 and 236:
2.3.12.2 (L1) Set 'Recovery console
Page 237 and 238:
2.3.13 Shutdown This section is int
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
2.3.17 User Account Control This se
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Rationale: One of the risks that th
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Rationale: UIAccess Integrity allow
Page 259 and 260:
Impact: Users and administrators wi
Page 261 and 262:
Default Value: Enabled References:
Page 263 and 264:
Page 265 and 266:
9 Windows Firewall With Advanced Se
Page 267 and 268:
9.1.2 (L1) Set 'Windows Firewall: D
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
9.1.10 (L1) Set 'Windows Firewall:
Page 285 and 286:
Page 287 and 288:
9.2 Private Profile This section co
Page 289 and 290:
9.2.2 (L1) Set 'Windows Firewall: P
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
9.3 Public Profile This section con
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
10 Network List Manager Policies Th
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Impact: If no audit settings are co
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
17.5 Logon/Logoff This section cont
Page 351 and 352:
17.5.2 (L1) Set 'Audit Group Member
Page 353 and 354:
17.5.3 (L1) Set 'Audit Logoff' to '
Page 355 and 356:
17.5.4 (L1) Set 'Audit Logon' to 'S
Page 357 and 358:
17.5.5 (L1) Set 'Audit Other Logon/
Page 359 and 360:
17.5.6 (L1) Set 'Audit Special Logo
Page 361 and 362:
17.6 Object Access This section con
Page 363 and 364:
17.7 Policy Change This section con
Page 365 and 366:
17.7.2 (L1) Set 'Audit Authenticati
Page 367 and 368:
17.8 Privilege Use This section con
Page 369 and 370:
17.9 System This section contains r
Page 371 and 372:
17.9.2 (L1) Set 'Audit Other System
Page 373 and 374:
17.9.3 (L1) Set 'Audit Security Sta
Page 375 and 376:
17.9.4 (L1) Set 'Audit Security Sys
Page 377 and 378:
17.9.5 (L1) Set 'Audit System Integ
Page 379 and 380:
18 Administrative Templates (Comput
Page 381 and 382:
18.1.1.2 (L1) Set 'Prevent enabling
Page 383 and 384:
18.1.2 Regional and Language Option
Page 385 and 386:
18.2 LAPS This section contains rec
Page 387 and 388:
18.2.2 (L1) Set 'Do not allow passw
Page 389 and 390:
18.2.3 (L1) Set 'Enable Local Admin
Page 391 and 392:
18.2.4 (L1) Set 'Password Settings:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
18.3 MSS (Legacy) This section cont
Page 399 and 400:
18.3.2 (L1) Set 'MSS: (DisableIPSou
Page 401 and 402:
18.3.3 (L1) Set 'MSS: (DisableIPSou
Page 403 and 404:
18.3.4 (L2) Set 'MSS: (DisableSaveP
Page 405 and 406:
18.3.5 (L1) Set 'MSS: (EnableICMPRe
Page 407 and 408:
18.3.6 (L2) Set 'MSS: (KeepAliveTim
Page 409 and 410:
18.3.7 (L1) Set 'MSS: (NoNameReleas
Page 411 and 412:
18.3.8 (L2) Set 'MSS: (PerformRoute
Page 413 and 414:
18.3.9 (L1) Set 'MSS: (SafeDllSearc
Page 415 and 416:
18.3.10 (L1) Set 'MSS: (ScreenSaver
Page 417 and 418:
18.3.11 (L2) Set 'MSS: (TcpMaxDataR
Page 419 and 420:
18.3.12 (L2) Set 'MSS: (TcpMaxDataR
Page 421 and 422:
18.3.13 (L1) Set 'MSS: (WarningLeve
Page 423 and 424:
18.4 Network This section contains
Page 425 and 426:
18.4.8 Link-Layer Topology Discover
Page 427 and 428:
18.4.8.2 (L2) Set 'Turn on Responde
Page 429 and 430:
18.4.9 Microsoft Peer-to-Peer Netwo
Page 431 and 432:
18.4.10 Network Connections This se
Page 433 and 434:
18.4.10.3 (L1) Set 'Require domain
Page 435 and 436:
18.4.11 Network Connectivity Status
Page 437 and 438:
Rationale: In February 2015, Micros
Page 439 and 440:
18.4.14 Offline Files This section
Page 441 and 442:
Audit: Navigate to the Registry pat
Page 443 and 444:
Page 445 and 446:
Default Value: The default for this
Page 447 and 448:
Impact: If this policy setting is e
Page 449 and 450:
18.4.22 WLAN Service This section c
Page 451 and 452:
Page 453 and 454:
18.6 SCM: Pass the Hash Mitigations
Page 455 and 456:
18.6.2 (L1) Set 'WDigest Authentica
Page 457 and 458:
18.7 Start Menu and Taskbar This se
Page 459 and 460:
Page 461 and 462:
18.8.5 Device Installation This sec
Page 463 and 464:
18.8.5.1.2 (BL) Set 'Prevent instal
Page 465 and 466:
Page 467 and 468:
Page 469 and 470:
Page 471 and 472:
Page 473 and 474:
18.8.6 Device Redirection This sect
Page 475 and 476:
Rationale: This policy setting help
Page 477 and 478:
18.8.18 Group Policy This section c
Page 479 and 480:
18.8.18.3 (L1) Set 'Configure regis
Page 481 and 482:
Impact: None - this is the default
Page 483 and 484:
Impact: This policy setting does no
Page 485 and 486:
18.8.19.1.3 (L2) Set 'Turn off hand
Page 487 and 488:
18.8.19.1.4 (L2) Set 'Turn off Inte
Page 489 and 490:
18.8.19.1.5 (L2) Set 'Turn off Inte
Page 491 and 492:
18.8.19.1.6 (L2) Set 'Turn off prin
Page 493 and 494:
18.8.19.1.7 (L2) Set 'Turn off Regi
Page 495 and 496:
18.8.19.1.8 (L2) Set 'Turn off Sear
Page 497 and 498:
18.8.19.1.9 (L2) Set 'Turn off the
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
18.8.19.1.12 (L2) Set 'Turn off Win
Page 505 and 506:
18.8.19.1.13 (L2) Set 'Turn off Win
Page 507 and 508:
18.8.20 iSCSI This section is inten
Page 509 and 510:
Impact: Device will attempt to auth
Page 511 and 512:
Default Value: Not Configured. If t
Page 513 and 514:
Impact: If you enable this policy s
Page 515 and 516:
Impact: The Logon UI will not enume
Page 517 and 518:
Default Value: Not configured Refer
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Impact: Fonts not located in the %w
Page 525 and 526:
18.8.28 Power Management This secti
Page 527 and 528:
18.8.28.4.2 (BL) Set 'Allow standby
Page 529 and 530:
18.8.28.4.3 (L1) Set 'Require a pas
Page 531 and 532:
18.8.28.4.4 (L1) Set 'Require a pas
Page 533 and 534:
18.8.29 Recovery This section is in
Page 535 and 536:
If you enable this policy setting,
Page 537 and 538:
18.8.30.2 (L1) Set 'Configure Solic
Page 539 and 540:
18.8.31 Remote Procedure Call This
Page 541 and 542:
18.8.31.2 (L1) Set 'Restrict Unauth
Page 543 and 544:
18.8.32 Removable Storage Access Th
Page 545 and 546:
The Group Policy settings contained
Page 547 and 548:
Default Value: If you do not config
Page 549 and 550:
18.8.43 Windows Time Service This s
Page 551 and 552:
18.8.43.1.2 (L2) Set 'Enable Window
Page 553 and 554:
18.9.4 App Package Deployment This
Page 555 and 556:
18.9.5 App Privacy This section is
Page 557 and 558:
Page 559 and 560:
Default Value: Not Configured Refer
Page 561 and 562:
18.9.8 AutoPlay Policies This secti
Page 563 and 564:
18.9.8.2 (L1) Set 'Set the default
Page 565 and 566:
18.9.8.3 (L1) Set 'Turn off Autopla
Page 567 and 568:
18.9.9 Backup This section is inten
Page 569 and 570:
If this policy setting is disabled,
Page 571 and 572:
Note: If the "Do not enable BitLock
Page 573 and 574:
18.9.11.1.3 (BL) Set 'Choose how Bi
Page 575 and 576:
Page 577 and 578:
Select the "Do not enable BitLocker
Page 579 and 580:
Page 581 and 582:
Impact: To use BitLocker, a Data Re
Page 583 and 584:
Page 585 and 586:
Page 587 and 588:
Page 589 and 590:
Page 591 and 592:
Page 593 and 594:
Page 595 and 596:
Rationale: From a strict security p
Page 597 and 598:
Encryption algorithms are specified
Page 599 and 600:
Page 601 and 602:
Page 603 and 604:
If you do not configure this policy
Page 605 and 606:
Page 607 and 608:
Page 609 and 610:
Page 611 and 612:
Page 613 and 614:
Page 615 and 616:
Page 617 and 618:
Impact: Users will need to be domai
Page 619 and 620:
Page 621 and 622:
Page 623 and 624:
Page 625 and 626:
Page 627 and 628:
Page 629 and 630:
Page 631 and 632:
Page 633 and 634:
18.9.11.2.10 (BL) Set 'Choose how B
Page 635 and 636:
Page 637 and 638:
Page 639 and 640:
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
Page 647 and 648:
Note: Passwords cannot be used if F
Page 649 and 650:
Rationale: TPM without use of a PIN
Page 651 and 652:
Page 653 and 654:
Page 655 and 656:
Note: If you want to require the us
Page 657 and 658:
Page 659 and 660:
Page 661 and 662:
If this policy setting is disabled,
Page 663 and 664:
Page 665 and 666:
Page 667 and 668:
Page 669 and 670:
Page 671 and 672:
Page 673 and 674:
Page 675 and 676:
Page 677 and 678:
Impact: To use BitLocker a Data Rec
Page 679 and 680:
Page 681 and 682:
Page 683 and 684:
Page 685 and 686:
Page 687 and 688:
Page 689 and 690:
Page 691 and 692:
Note: Passwords cannot be used if F
Page 693 and 694:
If you do not configure this policy
Page 695 and 696:
Page 697 and 698:
Page 699 and 700:
Page 701 and 702:
18.9.13 Credential User Interface T
Page 703 and 704:
18.9.13.2 (L1) Set 'Enumerate admin
Page 705 and 706:
18.9.13.3 (L2) Set 'Require trusted
Page 707 and 708:
18.9.14 Data Collection and Preview
Page 709 and 710:
18.9.14.2 (L1) Set 'Disable pre-rel
Page 711 and 712:
18.9.14.3 (L1) Set 'Toggle user con
Page 713 and 714:
18.9.15 Delivery Optimization The G
Page 715 and 716:
18.9.16 Desktop Gadgets This sectio
Page 717 and 718:
18.9.22.2 (L1) Set 'Default Protect
Page 719 and 720:
18.9.22.4 (L1) Set 'Default Protect
Page 721 and 722:
18.9.22.6 (L1) Set 'System DEP' to
Page 723 and 724:
Page 725 and 726:
18.9.24 Event Log Service This sect
Page 727 and 728:
18.9.24.1.2 (L1) Set 'Application:
Page 729 and 730:
18.9.24.2 Security This section con
Page 731 and 732:
18.9.24.2.2 (L1) Set 'Security: Spe
Page 733 and 734:
18.9.24.3 Setup This section contai
Page 735 and 736:
18.9.24.3.2 (L1) Set 'Setup: Specif
Page 737 and 738:
18.9.24.4 System This section conta
Page 739 and 740:
18.9.24.4.2 (L1) Set 'System: Speci
Page 741 and 742:
18.9.25 Event Logging This section
Page 743 and 744:
Rationale: Windows SmartScreen help
Page 745 and 746:
Page 747 and 748:
Page 749 and 750:
Page 751 and 752:
18.9.31 HomeGroup This section cont
Page 753 and 754:
18.9.32 Import Video This section i
Page 755 and 756:
18.9.43 OneDrive (formerly SkyDrive
Page 757 and 758:
18.9.44 Online Assistance This sect
Page 759 and 760:
Page 761 and 762:
Note: You can limit which clients a
Page 763 and 764:
18.9.48.3.3 Device and Resource Red
Page 765 and 766:
18.9.48.3.3.2 (L1) Set 'Do not allo
Page 767 and 768:
18.9.48.3.3.3 (L2) Set 'Do not allo
Page 769 and 770:
18.9.48.3.3.4 (L2) Set 'Do not allo
Page 771 and 772:
18.9.48.3.4 Licensing This section
Page 773 and 774:
Page 775 and 776:
Default Value: Not Configured. If y
Page 777 and 778:
Page 779 and 780:
Page 781 and 782:
Page 783 and 784:
Page 785 and 786:
18.9.50 Search This section contain
Page 787 and 788:
18.9.50.3 (L1) Set 'Allow indexing
Page 789 and 790:
18.9.50.4 (L1) Set 'Allow search an
Page 791 and 792:
18.9.50.5 (L2) Set 'Set what inform
Page 793 and 794:
18.9.51 Security Center This sectio
Page 795 and 796:
Page 797 and 798:
18.9.62 Windows Calendar This secti
Page 799 and 800:
Page 801 and 802:
18.9.67 Windows Game Recording and
Page 803 and 804:
18.9.68 Windows Installer This sect
Page 805 and 806:
18.9.68.2 (L1) Set 'Always install
Page 807 and 808:
18.9.68.3 (L2) Set 'Prevent Interne
Page 809 and 810:
18.9.69 Windows Logon Options This
Page 811 and 812:
18.9.70 Windows Mail This section i
Page 813 and 814:
18.9.78 Windows PowerShell This sec
Page 815 and 816:
18.9.78.2 (L1) Set 'Turn on PowerSh
Page 817 and 818:
18.9.79 Windows Reliability Analysi
Page 819 and 820:
Page 821 and 822:
Page 823 and 824:
Page 825 and 826:
Impact: None - this is the default
Page 827 and 828:
Page 829 and 830:
Page 831 and 832:
18.9.84 Windows Update This section
Page 833 and 834:
18.9.84.2 (L1) Set 'Configure Autom
Page 835 and 836:
18.9.84.3 (L1) Set 'Defer Upgrade'
Page 837 and 838:
18.9.84.4 (L1) Set 'No auto-restart
Page 839 and 840:
19 Administrative Templates (User)
Page 841 and 842:
Impact: The screen saver will autom
Page 843 and 844:
Impact: The screen saver will autom
Page 845 and 846:
Page 847 and 848:
Default Value: Not Configured Refer
Page 849 and 850:
19.5 Start Menu and Taskbar This se
Page 851 and 852:
19.6 System This section contains r
Page 853 and 854:
Page 855 and 856:
19.7.4 Attachment Manager This sect
Page 857 and 858:
19.7.4.2 (L1) Set 'Notify antivirus
Page 859 and 860:
19.7.5 AutoPlay Policies This secti
Page 861 and 862:
19.7.18 Internet Explorer This sect
Page 863 and 864:
19.7.25 Network Sharing This sectio
Page 865 and 866:
19.7.26 Presentation Settings This
Page 867 and 868:
19.7.37 Windows Installer This sect
Page 869 and 870:
19.7.38 Windows Logon Options This
Page 871 and 872:
Page 873 and 874:
Control Set Correctly Yes No 2.2.11
Page 875 and 876:
Control 2.3.7.1 (L1) Set 'Interacti
Page 877 and 878:
Control session security, Require 1
Page 879 and 880:
Control notification' to 'No' (Scor
Page 881 and 882:
Control 17.8 Privilege Use 17.8.1 (
Page 883 and 884:
Control 18.4.8.2 (L2) Set 'Turn on
Page 885 and 886:
Control 18.8.7 Disk NV Cache 18.8.8
Page 887 and 888:
Control 18.8.28. Notification Setti
Page 889 and 890:
Page 891 and 892:
18.9.11.2 .10 18.9.11.2 .11 18.9.11
Page 893 and 894:
Page 895 and 896:
Control approval from an administra
Page 897 and 898:
Control Set Correctly Yes No .10.2
Page 899 and 900:
.2 18.9.80.2 .3 Control Set Correct
Page 901 and 902:
Control 19.7.34 Windows Calendar 19
show all

CIS Microsoft Windows 10 Enterprise RTM (Release 1507) Benchmark

Create successful ePaper yourself

Delete template?

Save as template?