CIS Microsoft Windows 10 Enterprise RTM (Release 1507) Benchmark

More documents

Recommendations

Info

18.9.11.3.11 (BL) Set 'Configure use of hardware-based encryption for removable data drives: Use BitLocker software-based encryption when hardware encryption is not available' to 'Enabled: True' (Scored) Profile Applicability: Level 1 + BitLocker Level 2 + BitLocker Description: This policy setting allows you to manage BitLocker's use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardwarebased encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available BitLocker software-based encryption will be used instead. Note: The "Choose drive encryption method and cipher strength" policy setting does not apply to hardware-based encryption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The "Restrict encryption algorithms and cipher suites allowed for hardware-based encryption" option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption. 681 | P a g e
Encryption algorithms are specified by object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42 The recommended state for this setting is: Enabled: True (checked). Rationale: From a strict security perspective the hardware-based encryption may offer the same, greater, or less protection than what is provided by BitLocker's software-based encryption depending on how the algorithms and key lengths compare. Audit: Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVAllowSoftwareEncryptionFailover Remediation: To establish the recommended configuration via GP, set the following UI path to Enabled: True (checked): Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of hardware-based encryption for removable data drives: Use BitLocker software-based encryption when hardware encryption is not available Impact: Hardware-based encryption can improve performance of both read and write operations to the storage drive. References: 1. CCE-35540-4 682 | P a g e
Page 1 and 2:
CIS Microsoft Windows 10 Enterprise
Page 3 and 4:
Table of Contents Table of Contents
Page 5 and 6:
2.2.21 (L1) Set 'Enable computer an
Page 7 and 8:
2.3.7.3 (BL) Set 'Interactive logon
Page 9 and 10:
2.3.11.5 (L1) Set 'Network security
Page 11 and 12:
9.1.6 (L1) Set 'Windows Firewall: D
Page 13 and 14:
14 Network Access Protection NAP Cl
Page 15 and 16:
18.2.5 (L1) Set 'Password Settings:
Page 17 and 18:
18.6.1 (L1) Set 'Apply UAC restrict
Page 19 and 20:
18.8.24.2 (L1) Set 'Do not enumerat
Page 21 and 22:
18.9.11.1.10 (BL) Set 'Configure us
Page 23 and 24:
18.9.11.2.19 (BL) Set 'Require addi
Page 25 and 26:
18.9.13.3 (L2) Set 'Require trusted
Page 27 and 28:
18.9.48.3.9.3 (L1) Set 'Set client
Page 29 and 30:
19.7 Windows Components ...........
Page 31 and 32:
Typographical Conventions The follo
Page 33 and 34:
Acknowledgements This benchmark exe
Page 35 and 36:
Rationale: The longer a user uses t
Page 37 and 38:
1.1.2 (L1) Set 'Maximum password ag
Page 39 and 40:
1.1.3 (L1) Set 'Minimum password ag
Page 41 and 42:
1.1.4 (L1) Set 'Minimum password le
Page 43 and 44:
1.1.5 (L1) Set 'Password must meet
Page 45 and 46:
References: 1. CCE-33777-4 44 | P a
Page 47 and 48:
Default Value: Disabled References:
Page 49 and 50:
Remediation: To establish the recom
Page 51 and 52:
Impact: If this policy setting is e
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Impact: If you remove the Access th
Page 59 and 60:
2.2.4 (L1) Set 'Adjust memory quota
Page 61 and 62:
2.2.5 (L1) Set 'Allow log on locall
Page 63 and 64:
2.2.6 (L1) Set 'Allow log on throug
Page 65 and 66:
2.2.7 (L1) Set 'Back up files and d
Page 67 and 68:
2.2.8 (L1) Set 'Change the system t
Page 69 and 70:
Impact: There should be no impact,
Page 71 and 72:
2.2.10 (L1) Set 'Create a pagefile'
Page 73 and 74:
Default Value: No one References: 1
Page 75 and 76:
Default Value: Administrators, LOCA
Page 77 and 78:
2.2.14 (L1) Set 'Create symbolic li
Page 79 and 80:
2.2.15 (L1) Set 'Debug programs' to
Page 81 and 82:
2.2.16 (L1) Set 'Deny access to thi
Page 83 and 84:
2.2.17 (L1) Set 'Deny log on as a b
Page 85 and 86:
Rationale: Accounts that can log on
Page 87 and 88:
Default Value: Guest References: 1.
Page 89 and 90:
Impact: If you assign the Deny log
Page 91 and 92:
Page 93 and 94:
Default Value: Administrators Refer
Page 95 and 96:
Page 97 and 98:
Audit: Navigate to the UI Path arti
Page 99 and 100:
Page 101 and 102:
Default Value: Administrators Refer
Page 103 and 104:
2.2.28 (L1) Set 'Manage auditing an
Page 105 and 106:
2.2.30 (L1) Set 'Modify firmware en
Page 107 and 108:
2.2.31 (L1) Set 'Perform volume mai
Page 109 and 110:
Impact: If you remove the Profile s
Page 111 and 112:
References: 1. CCE-35001-7 110 | P
Page 113 and 114:
Default Value: LOCAL SERVICE, NETWO
Page 115 and 116:
Impact: If you remove the Restore f
Page 117 and 118:
Impact: The impact of removing thes
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Impact: All network users will need
Page 127 and 128:
Impact: None. This is the default c
Page 129 and 130:
Impact: You will have to inform use
Page 131 and 132:
2.3.2 Audit This section contains r
Page 133 and 134:
2.3.2.2 (L1) Set 'Audit: Shut down
Page 135 and 136:
2.3.3 DCOM This section is intentio
Page 137 and 138:
Impact: None - the default value is
Page 139 and 140:
2.3.6 Domain member This section co
Page 141 and 142:
Digital encryption and signing of t
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Impact: Users will not see their us
Page 155 and 156:
Impact: Unless they use a smart car
Page 157 and 158:
Rationale: This policy setting dete
Page 159 and 160:
2.3.7.4 (L1) Set 'Interactive logon
Page 161 and 162:
2.3.7.5 (L1) Configure 'Interactive
Page 163 and 164:
2.3.7.6 (L1) Configure 'Interactive
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
2.3.8 Microsoft network client This
Page 173 and 174:
Impact: The Windows 2000 Server, Wi
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Computer Configuration\Policies\Win
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Impact: Disabled is the default con
Page 191 and 192:
Impact: It will be impossible to es
Page 193 and 194:
Impact: It will be impossible to gr
Page 195 and 196:
Impact: Users will be forced to ent
Page 197 and 198:
Page 199 and 200:
Default Value: None References: 1.
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
2.3.10.9 (L1) Set 'Network access:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
2.3.11 Network security This sectio
Page 213 and 214:
Page 215 and 216:
2.3.11.3 (L1) Set 'Network Security
Page 217 and 218:
2.3.11.4 (L1) Set 'Network Security
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Rationale: In Windows Vista, this s
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
2.3.11.10 (L1) Set 'Network securit
Page 233 and 234:
2.3.12 Recovery console This sectio
Page 235 and 236:
2.3.12.2 (L1) Set 'Recovery console
Page 237 and 238:
2.3.13 Shutdown This section is int
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
2.3.17 User Account Control This se
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Rationale: One of the risks that th
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Rationale: UIAccess Integrity allow
Page 259 and 260:
Impact: Users and administrators wi
Page 261 and 262:
Default Value: Enabled References:
Page 263 and 264:
Page 265 and 266:
9 Windows Firewall With Advanced Se
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
9.1.10 (L1) Set 'Windows Firewall:
Page 285 and 286:
Page 287 and 288:
9.2 Private Profile This section co
Page 289 and 290:
9.2.2 (L1) Set 'Windows Firewall: P
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
9.3 Public Profile This section con
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
10 Network List Manager Policies Th
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Impact: If no audit settings are co
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
17.5 Logon/Logoff This section cont
Page 351 and 352:
17.5.2 (L1) Set 'Audit Group Member
Page 353 and 354:
17.5.3 (L1) Set 'Audit Logoff' to '
Page 355 and 356:
17.5.4 (L1) Set 'Audit Logon' to 'S
Page 357 and 358:
17.5.5 (L1) Set 'Audit Other Logon/
Page 359 and 360:
17.5.6 (L1) Set 'Audit Special Logo
Page 361 and 362:
17.6 Object Access This section con
Page 363 and 364:
17.7 Policy Change This section con
Page 365 and 366:
17.7.2 (L1) Set 'Audit Authenticati
Page 367 and 368:
17.8 Privilege Use This section con
Page 369 and 370:
17.9 System This section contains r
Page 371 and 372:
17.9.2 (L1) Set 'Audit Other System
Page 373 and 374:
17.9.3 (L1) Set 'Audit Security Sta
Page 375 and 376:
17.9.4 (L1) Set 'Audit Security Sys
Page 377 and 378:
17.9.5 (L1) Set 'Audit System Integ
Page 379 and 380:
18 Administrative Templates (Comput
Page 381 and 382:
18.1.1.2 (L1) Set 'Prevent enabling
Page 383 and 384:
18.1.2 Regional and Language Option
Page 385 and 386:
18.2 LAPS This section contains rec
Page 387 and 388:
18.2.2 (L1) Set 'Do not allow passw
Page 389 and 390:
18.2.3 (L1) Set 'Enable Local Admin
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
18.3 MSS (Legacy) This section cont
Page 399 and 400:
18.3.2 (L1) Set 'MSS: (DisableIPSou
Page 401 and 402:
18.3.3 (L1) Set 'MSS: (DisableIPSou
Page 403 and 404:
18.3.4 (L2) Set 'MSS: (DisableSaveP
Page 405 and 406:
18.3.5 (L1) Set 'MSS: (EnableICMPRe
Page 407 and 408:
18.3.6 (L2) Set 'MSS: (KeepAliveTim
Page 409 and 410:
18.3.7 (L1) Set 'MSS: (NoNameReleas
Page 411 and 412:
18.3.8 (L2) Set 'MSS: (PerformRoute
Page 413 and 414:
18.3.9 (L1) Set 'MSS: (SafeDllSearc
Page 415 and 416:
18.3.10 (L1) Set 'MSS: (ScreenSaver
Page 417 and 418:
18.3.11 (L2) Set 'MSS: (TcpMaxDataR
Page 419 and 420:
18.3.12 (L2) Set 'MSS: (TcpMaxDataR
Page 421 and 422:
18.3.13 (L1) Set 'MSS: (WarningLeve
Page 423 and 424:
18.4 Network This section contains
Page 425 and 426:
18.4.8 Link-Layer Topology Discover
Page 427 and 428:
18.4.8.2 (L2) Set 'Turn on Responde
Page 429 and 430:
18.4.9 Microsoft Peer-to-Peer Netwo
Page 431 and 432:
18.4.10 Network Connections This se
Page 433 and 434:
18.4.10.3 (L1) Set 'Require domain
Page 435 and 436:
18.4.11 Network Connectivity Status
Page 437 and 438:
Rationale: In February 2015, Micros
Page 439 and 440:
18.4.14 Offline Files This section
Page 441 and 442:
Audit: Navigate to the Registry pat
Page 443 and 444:
Page 445 and 446:
Default Value: The default for this
Page 447 and 448:
Impact: If this policy setting is e
Page 449 and 450:
18.4.22 WLAN Service This section c
Page 451 and 452:
Page 453 and 454:
18.6 SCM: Pass the Hash Mitigations
Page 455 and 456:
18.6.2 (L1) Set 'WDigest Authentica
Page 457 and 458:
18.7 Start Menu and Taskbar This se
Page 459 and 460:
Page 461 and 462:
18.8.5 Device Installation This sec
Page 463 and 464:
18.8.5.1.2 (BL) Set 'Prevent instal
Page 465 and 466:
Page 467 and 468:
Page 469 and 470:
Page 471 and 472:
Page 473 and 474:
18.8.6 Device Redirection This sect
Page 475 and 476:
Rationale: This policy setting help
Page 477 and 478:
18.8.18 Group Policy This section c
Page 479 and 480:
18.8.18.3 (L1) Set 'Configure regis
Page 481 and 482:
Impact: None - this is the default
Page 483 and 484:
Impact: This policy setting does no
Page 485 and 486:
18.8.19.1.3 (L2) Set 'Turn off hand
Page 487 and 488:
18.8.19.1.4 (L2) Set 'Turn off Inte
Page 489 and 490:
18.8.19.1.5 (L2) Set 'Turn off Inte
Page 491 and 492:
18.8.19.1.6 (L2) Set 'Turn off prin
Page 493 and 494:
18.8.19.1.7 (L2) Set 'Turn off Regi
Page 495 and 496:
18.8.19.1.8 (L2) Set 'Turn off Sear
Page 497 and 498:
18.8.19.1.9 (L2) Set 'Turn off the
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
18.8.19.1.12 (L2) Set 'Turn off Win
Page 505 and 506:
18.8.19.1.13 (L2) Set 'Turn off Win
Page 507 and 508:
18.8.20 iSCSI This section is inten
Page 509 and 510:
Impact: Device will attempt to auth
Page 511 and 512:
Default Value: Not Configured. If t
Page 513 and 514:
Impact: If you enable this policy s
Page 515 and 516:
Impact: The Logon UI will not enume
Page 517 and 518:
Default Value: Not configured Refer
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Impact: Fonts not located in the %w
Page 525 and 526:
18.8.28 Power Management This secti
Page 527 and 528:
18.8.28.4.2 (BL) Set 'Allow standby
Page 529 and 530:
18.8.28.4.3 (L1) Set 'Require a pas
Page 531 and 532:
18.8.28.4.4 (L1) Set 'Require a pas
Page 533 and 534:
18.8.29 Recovery This section is in
Page 535 and 536:
If you enable this policy setting,
Page 537 and 538:
18.8.30.2 (L1) Set 'Configure Solic
Page 539 and 540:
18.8.31 Remote Procedure Call This
Page 541 and 542:
18.8.31.2 (L1) Set 'Restrict Unauth
Page 543 and 544:
18.8.32 Removable Storage Access Th
Page 545 and 546:
The Group Policy settings contained
Page 547 and 548:
Default Value: If you do not config
Page 549 and 550:
18.8.43 Windows Time Service This s
Page 551 and 552:
18.8.43.1.2 (L2) Set 'Enable Window
Page 553 and 554:
18.9.4 App Package Deployment This
Page 555 and 556:
18.9.5 App Privacy This section is
Page 557 and 558:
Page 559 and 560:
Default Value: Not Configured Refer
Page 561 and 562:
18.9.8 AutoPlay Policies This secti
Page 563 and 564:
18.9.8.2 (L1) Set 'Set the default
Page 565 and 566:
18.9.8.3 (L1) Set 'Turn off Autopla
Page 567 and 568:
18.9.9 Backup This section is inten
Page 569 and 570:
If this policy setting is disabled,
Page 571 and 572:
Note: If the "Do not enable BitLock
Page 573 and 574:
18.9.11.1.3 (BL) Set 'Choose how Bi
Page 575 and 576:
Page 577 and 578:
Select the "Do not enable BitLocker
Page 579 and 580:
Page 581 and 582:
Impact: To use BitLocker, a Data Re
Page 583 and 584:
Page 585 and 586:
Page 587 and 588:
Page 589 and 590:
Page 591 and 592:
Page 593 and 594:
Page 595 and 596:
Rationale: From a strict security p
Page 597 and 598:
Encryption algorithms are specified
Page 599 and 600:
Page 601 and 602:
Page 603 and 604:
If you do not configure this policy
Page 605 and 606:
Page 607 and 608:
Page 609 and 610:
Page 611 and 612:
Page 613 and 614:
Note: If the "Do not enable BitLock
Page 615 and 616:
Page 617 and 618:
Impact: Users will need to be domai
Page 619 and 620:
Page 621 and 622:
Page 623 and 624:
Page 625 and 626:
Page 627 and 628:
Page 629 and 630:
Page 631 and 632: Select the "Do not enable BitLocker
Page 633 and 634: 18.9.11.2.10 (BL) Set 'Choose how B
Page 635 and 636: Impact: Users will need to be domai
Page 637 and 638: Remediation: To establish the recom
Page 639 and 640: Rationale: From a strict security p
Page 641 and 642: Encryption algorithms are specified
Page 647 and 648: Note: Passwords cannot be used if F
Page 649 and 650: Rationale: TPM without use of a PIN
Page 655 and 656: Note: If you want to require the us
Page 661 and 662: If this policy setting is disabled,
Page 663 and 664: Note: If the "Do not enable BitLock
Page 665 and 666: 18.9.11.3.3 (BL) Set 'Choose how Bi
Page 677 and 678: Impact: To use BitLocker a Data Rec
Page 679 and 680: Note: If the "Do not enable BitLock
Page 681: Rationale: From a strict security p
Page 691 and 692: Note: Passwords cannot be used if F
Page 693 and 694: If you do not configure this policy
Page 701 and 702: 18.9.13 Credential User Interface T
Page 703 and 704: 18.9.13.2 (L1) Set 'Enumerate admin
Page 705 and 706: 18.9.13.3 (L2) Set 'Require trusted
Page 707 and 708: 18.9.14 Data Collection and Preview
Page 709 and 710: 18.9.14.2 (L1) Set 'Disable pre-rel
Page 711 and 712: 18.9.14.3 (L1) Set 'Toggle user con
Page 713 and 714: 18.9.15 Delivery Optimization The G
Page 715 and 716: 18.9.16 Desktop Gadgets This sectio
Page 717 and 718: 18.9.22.2 (L1) Set 'Default Protect
Page 719 and 720: 18.9.22.4 (L1) Set 'Default Protect
Page 721 and 722: 18.9.22.6 (L1) Set 'System DEP' to
Page 723 and 724: References: 1. CCE-35485-2 722 | P
Page 725 and 726: 18.9.24 Event Log Service This sect
Page 727 and 728: 18.9.24.1.2 (L1) Set 'Application:
Page 729 and 730: 18.9.24.2 Security This section con
Page 731 and 732: 18.9.24.2.2 (L1) Set 'Security: Spe
Page 733 and 734:
18.9.24.3 Setup This section contai
Page 735 and 736:
18.9.24.3.2 (L1) Set 'Setup: Specif
Page 737 and 738:
18.9.24.4 System This section conta
Page 739 and 740:
18.9.24.4.2 (L1) Set 'System: Speci
Page 741 and 742:
18.9.25 Event Logging This section
Page 743 and 744:
Rationale: Windows SmartScreen help
Page 745 and 746:
Page 747 and 748:
Page 749 and 750:
Page 751 and 752:
18.9.31 HomeGroup This section cont
Page 753 and 754:
18.9.32 Import Video This section i
Page 755 and 756:
18.9.43 OneDrive (formerly SkyDrive
Page 757 and 758:
18.9.44 Online Assistance This sect
Page 759 and 760:
Page 761 and 762:
Note: You can limit which clients a
Page 763 and 764:
18.9.48.3.3 Device and Resource Red
Page 765 and 766:
18.9.48.3.3.2 (L1) Set 'Do not allo
Page 767 and 768:
18.9.48.3.3.3 (L2) Set 'Do not allo
Page 769 and 770:
18.9.48.3.3.4 (L2) Set 'Do not allo
Page 771 and 772:
18.9.48.3.4 Licensing This section
Page 773 and 774:
Page 775 and 776:
Default Value: Not Configured. If y
Page 777 and 778:
Page 779 and 780:
Page 781 and 782:
Page 783 and 784:
Page 785 and 786:
18.9.50 Search This section contain
Page 787 and 788:
18.9.50.3 (L1) Set 'Allow indexing
Page 789 and 790:
18.9.50.4 (L1) Set 'Allow search an
Page 791 and 792:
18.9.50.5 (L2) Set 'Set what inform
Page 793 and 794:
18.9.51 Security Center This sectio
Page 795 and 796:
Page 797 and 798:
18.9.62 Windows Calendar This secti
Page 799 and 800:
Page 801 and 802:
18.9.67 Windows Game Recording and
Page 803 and 804:
18.9.68 Windows Installer This sect
Page 805 and 806:
18.9.68.2 (L1) Set 'Always install
Page 807 and 808:
18.9.68.3 (L2) Set 'Prevent Interne
Page 809 and 810:
18.9.69 Windows Logon Options This
Page 811 and 812:
18.9.70 Windows Mail This section i
Page 813 and 814:
18.9.78 Windows PowerShell This sec
Page 815 and 816:
18.9.78.2 (L1) Set 'Turn on PowerSh
Page 817 and 818:
18.9.79 Windows Reliability Analysi
Page 819 and 820:
Page 821 and 822:
Page 823 and 824:
Page 825 and 826:
Impact: None - this is the default
Page 827 and 828:
Page 829 and 830:
Page 831 and 832:
18.9.84 Windows Update This section
Page 833 and 834:
18.9.84.2 (L1) Set 'Configure Autom
Page 835 and 836:
18.9.84.3 (L1) Set 'Defer Upgrade'
Page 837 and 838:
18.9.84.4 (L1) Set 'No auto-restart
Page 839 and 840:
19 Administrative Templates (User)
Page 841 and 842:
Impact: The screen saver will autom
Page 843 and 844:
Impact: The screen saver will autom
Page 845 and 846:
Page 847 and 848:
Default Value: Not Configured Refer
Page 849 and 850:
19.5 Start Menu and Taskbar This se
Page 851 and 852:
19.6 System This section contains r
Page 853 and 854:
Page 855 and 856:
19.7.4 Attachment Manager This sect
Page 857 and 858:
19.7.4.2 (L1) Set 'Notify antivirus
Page 859 and 860:
19.7.5 AutoPlay Policies This secti
Page 861 and 862:
19.7.18 Internet Explorer This sect
Page 863 and 864:
19.7.25 Network Sharing This sectio
Page 865 and 866:
19.7.26 Presentation Settings This
Page 867 and 868:
19.7.37 Windows Installer This sect
Page 869 and 870:
19.7.38 Windows Logon Options This
Page 871 and 872:
Page 873 and 874:
Control Set Correctly Yes No 2.2.11
Page 875 and 876:
Control 2.3.7.1 (L1) Set 'Interacti
Page 877 and 878:
Control session security, Require 1
Page 879 and 880:
Control notification' to 'No' (Scor
Page 881 and 882:
Control 17.8 Privilege Use 17.8.1 (
Page 883 and 884:
Control 18.4.8.2 (L2) Set 'Turn on
Page 885 and 886:
Control 18.8.7 Disk NV Cache 18.8.8
Page 887 and 888:
Control 18.8.28. Notification Setti
Page 889 and 890:
Page 891 and 892:
18.9.11.2 .10 18.9.11.2 .11 18.9.11
Page 893 and 894:
Page 895 and 896:
Control approval from an administra
Page 897 and 898:
Control Set Correctly Yes No .10.2
Page 899 and 900:
.2 18.9.80.2 .3 Control Set Correct
Page 901 and 902:
Control 19.7.34 Windows Calendar 19
show all

CIS Microsoft Windows 10 Enterprise RTM (Release 1507) Benchmark

Create successful ePaper yourself

Delete template?

Save as template?