| NaN |
Version: 5.20120314 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE ID |
CCE Description |
CCE Parameters |
CCE Technical Mechanisms |
NaN |
Old v4 CCE ID |
NIST SCAP Windows Vista XCCDF (SCAP-WinVista-XCCDF.xml rev 2007-02-06) |
NIST SCAP Windows Vista OVAL (SCAP-WinVista-OVAL.xml rev 2007-02-06) |
FDCC Windows Vista XCCDF (fdcc-accepted-content-20080110\fdcc-winvista-xccdf.xml) |
FDCC Windows Vista OVAL (fdcc-accepted-content-20080110\fdcc-winvista-oval.xml) |
FDCC Windows Vista Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-vistafirewall-xccdf.xml) |
FDCC Windows Vista Firewall OVAL (fdcc-accepted-content-20080110\fdcc-vistafirewall-oval.xml) |
USGCB XCCDF (USGCB-Windows-Vista-xccdf) |
USGCB OVAL (USGCB-Windows-Vista-oval) |
| CCE-2715-1 |
The "reset account lockout counter after" policy should meet minimum requirements. |
(1) number of minutes |
(1) defined by Local or Group Policy |
NaN |
CCE-733 |
reset-account-lockout-counter |
oval:com.secure-elements.oval:def:6009 |
account_lockout_reset_counter |
oval:gov.nist.fdcc.vista:def:6009 |
NaN |
NaN |
NaN |
NaN |
| CCE-2363-0 |
The "account lockout duration" policy should meet minimum requirements. |
(1) number of minutes |
(1) defined by Local or Group Policy |
NaN |
CCE-980 |
account-lockout-duration |
oval:com.secure-elements.oval:def:6007 |
account_lockout_duration |
oval:gov.nist.fdcc.vista:def:6007 |
NaN |
NaN |
NaN |
NaN |
| CCE-3177-3 |
The "account lockout threshold" policy should meet minimum requirements. |
(1) number of attempts |
(1) defined by Local or Group Policy |
NaN |
CCE-658 |
account-lockout-threshold |
oval:com.secure-elements.oval:def:6008 |
account_lockout_threshold |
oval:gov.nist.fdcc.vista:def:6008 |
NaN |
NaN |
NaN |
NaN |
| CCE-2820-9 |
Auditing of "account logon" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2628 |
audit-account-logon-events |
oval:com.secure-elements.oval:def:6010 |
audit_account_logon_events |
oval:gov.nist.fdcc.vista:def:27 |
NaN |
NaN |
NaN |
NaN |
| CCE-3089-0 |
Auditing of "account logon" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2543 |
audit-account-logon-events |
oval:com.secure-elements.oval:def:6010 |
audit_account_logon_events |
oval:gov.nist.fdcc.vista:def:27 |
NaN |
NaN |
NaN |
NaN |
| CCE-3234-2 |
Auditing of "account management" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2000 |
audit-account-management |
oval:com.secure-elements.oval:def:6011 |
audit_account_management |
oval:gov.nist.fdcc.vista:def:29 |
NaN |
NaN |
NaN |
NaN |
| CCE-3287-0 |
Auditing of "account management" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-1646 |
audit-account-management |
oval:com.secure-elements.oval:def:6011 |
audit_account_management |
oval:gov.nist.fdcc.vista:def:29 |
NaN |
NaN |
NaN |
NaN |
| CCE-3041-1 |
Auditing of "directory service access" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2118 |
audit-directory-services-access |
oval:com.secure-elements.oval:def:6012 |
audit_directory_service_access |
oval:gov.nist.fdcc.vista:def:30 |
NaN |
NaN |
NaN |
NaN |
| CCE-3309-2 |
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2390 |
audit-directory-services-access |
oval:com.secure-elements.oval:def:6012 |
audit_directory_service_access |
oval:gov.nist.fdcc.vista:def:30 |
NaN |
NaN |
NaN |
NaN |
| CCE-3076-7 |
Auditing of "logon" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-1686 |
audit-logon-events |
oval:com.secure-elements.oval:def:6013 |
audit_logon_events |
oval:gov.nist.fdcc.vista:def:32 |
NaN |
NaN |
NaN |
NaN |
| CCE-2970-2 |
Auditing of "logon" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-1744 |
audit-logon-events |
oval:com.secure-elements.oval:def:6013 |
audit_logon_events |
oval:gov.nist.fdcc.vista:def:32 |
NaN |
NaN |
NaN |
NaN |
| CCE-2724-3 |
Auditing of "object access" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2640 |
audit-object-access |
oval:com.secure-elements.oval:def:6014 |
audit_object_access |
oval:gov.nist.fdcc.vista:def:34 |
NaN |
NaN |
NaN |
NaN |
| CCE-3243-3 |
Auditing of "object access" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-1991 |
audit-object-access |
oval:com.secure-elements.oval:def:6014 |
audit_object_access |
oval:gov.nist.fdcc.vista:def:34 |
NaN |
NaN |
NaN |
NaN |
| CCE-2746-6 |
Auditing of "policy change" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2412 |
audit-policy-change |
oval:com.secure-elements.oval:def:6015 |
audit_policy_change |
oval:gov.nist.fdcc.vista:def:35 |
NaN |
NaN |
NaN |
NaN |
| CCE-2653-4 |
Auditing of "policy change" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2347 |
audit-policy-change |
oval:com.secure-elements.oval:def:6015 |
audit_policy_change |
oval:gov.nist.fdcc.vista:def:35 |
NaN |
NaN |
NaN |
NaN |
| CCE-2322-6 |
Auditing of "privilege use" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2431 |
audit-privilege-use |
oval:com.secure-elements.oval:def:6016 |
audit_privilege_use |
oval:gov.nist.fdcc.vista:def:36 |
NaN |
NaN |
NaN |
NaN |
| CCE-3257-3 |
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2584 |
audit-privilege-use |
oval:com.secure-elements.oval:def:6016 |
audit_privilege_use |
oval:gov.nist.fdcc.vista:def:36 |
NaN |
NaN |
NaN |
NaN |
| CCE-3024-7 |
Auditing of "process tracking" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2529 |
audit-process-tracking |
oval:com.secure-elements.oval:def:6017 |
audit_process_tracking |
oval:gov.nist.fdcc.vista:def:40 |
NaN |
NaN |
NaN |
NaN |
| CCE-2927-2 |
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2617 |
audit-process-tracking |
oval:com.secure-elements.oval:def:6017 |
audit_process_tracking |
oval:gov.nist.fdcc.vista:def:40 |
NaN |
NaN |
NaN |
NaN |
| CCE-2953-8 |
Auditing of "system" events on success should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-2420 |
audit-system-events |
oval:com.secure-elements.oval:def:6018 |
audit_system_events |
oval:gov.nist.fdcc.vista:def:37 |
NaN |
NaN |
NaN |
NaN |
| CCE-3222-7 |
Auditing of "system" events on failure should be enabled or disabled as appropriate.. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-1680 |
audit-system-events |
oval:com.secure-elements.oval:def:6018 |
audit_system_events |
oval:gov.nist.fdcc.vista:def:37 |
NaN |
NaN |
NaN |
NaN |
| CCE-3121-1 |
The "restrict guest access to application log" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy |
NaN |
CCE-299 |
Prevent-Guest-Application-Log-Access |
oval:com.secure-elements.oval:def:6509 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3015-5 |
The application log maximum size should be configured correctly.. |
(1) size of file |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize |
NaN |
CCE-185 |
Maximum-Application-Log-Size |
oval:com.secure-elements.oval:def:6506 |
maximum_application_log_size |
oval:gov.nist.fdcc.vista:def:197 |
NaN |
NaN |
NaN |
NaN |
| CCE-2905-8 |
The "when maximum log size is reached" property should be set correctly for the Application log. |
(1) type of retention |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention |
NaN |
CCE-285 |
Retention-Method-For-Application-Log |
oval:com.secure-elements.oval:def:6512 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2659-1 |
The "restrict guest access to security log" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess (2) defined by Group Policy |
NaN |
CCE-462 |
Prevent-Guest-Security-Log-Access |
oval:com.secure-elements.oval:def:6511 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3302-7 |
The security log maximum size should be configured correctly.. |
(1) size of file |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize |
NaN |
CCE-757 |
Maximum-Security-Log-Size |
oval:com.secure-elements.oval:def:6507 |
maximum_security_log_size |
oval:gov.nist.fdcc.vista:def:198 |
NaN |
NaN |
NaN |
NaN |
| CCE-3196-3 |
The "when maximum log size is reached" property should be set correctly for the Security log. |
(1) type of retention |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention |
NaN |
CCE-523 |
Retention-Method-For-Security-Log |
oval:com.secure-elements.oval:def:6513 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2839-9 |
The "restrict guest access to system log" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess (2) defined by Group Policy |
NaN |
CCE-726 |
Prevent-Guest-System-Log-Access |
oval:com.secure-elements.oval:def:6510 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3165-8 |
The system log maximum size should be configured correctly. |
(1) size of file |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize |
NaN |
CCE-735 |
Maximum-System-Log-Size |
oval:com.secure-elements.oval:def:6508 |
maximum_system_log_size |
oval:gov.nist.fdcc.vista:def:199 |
NaN |
NaN |
NaN |
NaN |
| CCE-2931-4 |
The "when maximum log size is reached" property should be set correctly for the System log. |
(1) type of retention |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention |
NaN |
CCE-664 |
Retention-Method-For-System-Log |
oval:com.secure-elements.oval:def:6514 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2967-8 |
The "maximum password age" policy should meet minimum requirements. |
(1) number of days |
(1) defined by Local or Group Policy |
NaN |
CCE-871 |
maximum-password-age |
oval:com.secure-elements.oval:def:6002 |
password-maximum_age |
oval:gov.nist.fdcc.vista:def:6002 |
NaN |
NaN |
NaN |
NaN |
| CCE-3240-9 |
The "minimum password age" policy should meet minimum requirements. |
(1) number of days |
(1) defined by Local or Group Policy |
NaN |
CCE-324 |
minimum-password-age |
oval:com.secure-elements.oval:def:6003 |
password-minimum-age |
oval:gov.nist.fdcc.vista:def:6003 |
NaN |
NaN |
NaN |
NaN |
| CCE-2883-7 |
The "minimum password length" policy should meet minimum requirements. |
(1) number of days |
(1) defined by Local or Group Policy |
NaN |
CCE-100 |
minimum-password-length |
oval:com.secure-elements.oval:def:6006 |
password-minimum-length |
oval:gov.nist.fdcc.vista:def:6006 |
NaN |
NaN |
NaN |
NaN |
| CCE-3033-8 |
The "password must meet complexity requirments" policy should be set correctly. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-633 |
password-complexity |
oval:com.secure-elements.oval:def:6004 |
password_complexity |
oval:gov.nist.fdcc.vista:def:6004 |
NaN |
NaN |
NaN |
NaN |
| CCE-2323-4 |
The "enforce password history" policy should meet minimum requirements. |
(1) number of passwords remembered |
(1) defined by Local or Group Policy |
NaN |
CCE-60 |
enforce-password-history |
oval:com.secure-elements.oval:def:6001 |
password_enforce_history |
oval:gov.nist.fdcc.vista:def:6001 |
NaN |
NaN |
NaN |
NaN |
| CCE-3311-8 |
The "store password using reversible encryption for all users in the domain" policy should be set correctly. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-479 |
reversible-password-encryption |
oval:com.secure-elements.oval:def:6005 |
password_reversible_encryption |
oval:gov.nist.fdcc.vista:def:6005 |
NaN |
NaN |
NaN |
NaN |
| CCE-3316-7 |
The startup type of the Messenger service should be correct. |
(1) disabled/manual/automatic/automatic (delayed start) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy |
NaN |
CCE-729 |
Do-not-allow-Windows-Messenger-to-be-run |
oval:com.secure-elements.oval:def:6601 |
do_not_allow_windows_messenger_to_be_run |
oval:gov.nist.fdcc.vista:def:6601 |
NaN |
NaN |
NaN |
NaN |
| CCE-3082-5 |
The startup type of the NetMeeting Remote Desktop Sharing service should be correct. |
(1) disabled/manual/automatic/automatic (delayed start) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy |
NaN |
CCE-232 |
Disable-remote-Desktop-Sharing |
oval:com.secure-elements.oval:def:6595 |
Disable-remote-Desktop-Sharing |
oval:gov.nist.fdcc.vista:def:6595 |
NaN |
NaN |
NaN |
NaN |
| CCE-3232-6 |
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct. |
(1) restricted/unrestricted |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous (2) defined by Local or Group Policy |
NaN |
CCE-195 |
do-not-allow-anonymous-enumeration-sam-accounts-shares |
oval:com.secure-elements.oval:def:6071 |
do-not-allow-anonymous-enumeration-sam-accounts-shares |
oval:gov.nist.fdcc.vista:def:6071 |
NaN |
NaN |
NaN |
NaN |
| CCE-3272-2 |
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct. |
(1) restricted/unrestricted |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM (2) defined by Local or Group Policy |
NaN |
CCE-318 |
do-not-allow-anonymous-enumeration-sam |
oval:com.secure-elements.oval:def:6070 |
do-not-allow-anonymous-enumeration-sam |
oval:gov.nist.fdcc.vista:def:6070 |
NaN |
NaN |
NaN |
NaN |
| CCE-2339-0 |
The behavior surrounding Anonymous SID/Name translation should be correct. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup (2) defined by Local or Group |
NaN |
CCE-953 |
Anonymous-SID-Name-Translation |
NaN |
anonymous_sid_name_translation |
oval:gov.nist.fdcc.vista:def:6106 |
NaN |
NaN |
NaN |
NaN |
| CCE-3248-2 |
Use of the built-in Guest account should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Local Users and Groups MMC |
NaN |
CCE-332 |
guest-account-status |
oval:com.secure-elements.oval:def:6020 |
guest-account-status |
oval:gov.nist.fdcc.vista:def:6020 |
NaN |
NaN |
NaN |
NaN |
| CCE-3032-0 |
Use of the built-in Administrator account should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Local Users and Groups MMC |
NaN |
CCE-499 |
administrator-account-status |
oval:com.secure-elements.oval:def:6019 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3314-2 |
The "Message title for users attempting to log on" policy should be set correctly. |
(1) text caption |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption (2) defined by Local or Group Policy |
NaN |
CCE-23 |
message-title-users-attempting-logon |
oval:com.secure-elements.oval:def:6042 |
message-title-users-attempting-logon |
oval:gov.nist.fdcc.vista:def:6042 |
NaN |
NaN |
NaN |
NaN |
| CCE-3336-5 |
The "Message text for users attempting to log on" policy should be set correctly. |
(1) text statement |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText (2) defined by Local or Group Policy |
NaN |
CCE-829 |
message-text-users-attempting-logon |
oval:com.secure-elements.oval:def:6041 |
message-text-users-attempting-logon |
oval:gov.nist.fdcc.vista:def:6041 |
NaN |
NaN |
NaN |
NaN |
| CCE-3072-6 |
Automatic Logon should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon |
NaN |
CCE-283 |
enable-automatic-logon |
oval:com.secure-elements.oval:def:6054 |
enable-automatic-logon |
oval:gov.nist.fdcc.vista:def:6054 |
NaN |
NaN |
NaN |
NaN |
| CCE-2719-3 |
Autoplay on all Drive Types should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun |
NaN |
CCE-44 |
Turn-off-Autoplay, no-drive-type-auto-run |
oval:com.secure-elements.oval:def:6574, oval:com.secure-elements.oval:def:6060 |
turn_off_autoplay |
oval:gov.nist.fdcc.vista:def:6574 |
NaN |
NaN |
NaN |
NaN |
| CCE-3239-1 |
ICMP Redirects should be properly configured. |
(1) enabled/ignored |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesTcpip\Parameters\EnableICMPRedirect |
NaN |
CCE-150 |
enable-icmp-redirect |
oval:com.secure-elements.oval:def:6057 |
enable-icmp-redirect |
oval:gov.nist.fdcc.vista:def:6057 |
NaN |
NaN |
NaN |
NaN |
| CCE-3261-5 |
IP Source Routing should be properly configured. |
(1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting |
NaN |
CCE-564 |
disable-ip-source-routing |
oval:com.secure-elements.oval:def:6055 |
disable-ip-source-routing |
oval:gov.nist.fdcc.vista:def:6055 |
NaN |
NaN |
NaN |
NaN |
| CCE-3279-7 |
IRDP should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery |
NaN |
CCE-952 |
perform-router-discovery |
oval:com.secure-elements.oval:def:6063 |
perform-router-discovery |
oval:gov.nist.fdcc.vista:def:6063 |
NaN |
NaN |
NaN |
NaN |
| CCE-3173-2 |
Display Last User Name in Logon Screen should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName |
NaN |
CCE-65 |
do-not-display-last-user-name |
oval:com.secure-elements.oval:def:6039 |
do-not-display-last-user-name |
oval:gov.nist.fdcc.vista:def:6039 |
NaN |
NaN |
NaN |
NaN |
| CCE-3067-6 |
System availability to Master Browser should be properly configured. |
(1) available/hidden |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden |
NaN |
CCE-139 |
hide-system-from-browse-list |
oval:com.secure-elements.oval:def:6058 |
hide-system-from-browse-list |
oval:gov.nist.fdcc.vista:def:6058 |
NaN |
NaN |
NaN |
NaN |
| CCE-3120-3 |
TCP/IP Dead Gateway Detection should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect |
NaN |
CCE-897 |
enable-dead-gw-detect |
oval:com.secure-elements.oval:def:6056 |
enable-dead-gw-detect |
oval:gov.nist.fdcc.vista:def:6056 |
NaN |
NaN |
NaN |
NaN |
| CCE-3142-7 |
The TCP/IP KeepAlive Time should be set correctly . |
(1) number of milliseconds |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime |
NaN |
CCE-188 |
keep-alive-time |
oval:com.secure-elements.oval:def:6059 |
keep-alive-time |
oval:gov.nist.fdcc.vista:def:6059 |
NaN |
NaN |
NaN |
NaN |
| CCE-2785-4 |
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand |
NaN |
CCE-817 |
no-name-release-on-demand |
oval:com.secure-elements.oval:def:6061 |
no-name-release-on-demand |
oval:gov.nist.fdcc.vista:def:6061 |
NaN |
NaN |
NaN |
NaN |
| CCE-2679-9 |
TCP/IP SYN Flood Attack Protection should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect |
NaN |
CCE-284 |
syn-attack-protect |
oval:com.secure-elements.oval:def:6066 |
syn-attack-protect |
oval:gov.nist.fdcc.vista:def:6066 |
NaN |
NaN |
NaN |
NaN |
| CCE-3181-5 |
Security Audit log warning level should be properly configured. |
(1) warning level |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel |
NaN |
CCE-125 |
warning-level |
oval:com.secure-elements.oval:def:6069 |
warning-level |
oval:gov.nist.fdcc.vista:def:6069 |
NaN |
NaN |
NaN |
NaN |
| CCE-3199-7 |
Safe DLL Search Mode should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\SafeDllSearchMode |
NaN |
CCE-271 |
safe-dll-search-mode |
oval:com.secure-elements.oval:def:6064 |
safe-dll-search-mode |
oval:gov.nist.fdcc.vista:def:6064 |
NaN |
NaN |
NaN |
NaN |
| CCE-2714-4 |
The built-in Administrator account should be correctly named. |
(1) valid names |
(1) defined by Local or Group Policy |
NaN |
CCE-438 |
rename-administrator |
oval:com.secure-elements.oval:def:6022 |
rename-administrator |
oval:gov.nist.fdcc.vista:def:6022 |
NaN |
NaN |
NaN |
NaN |
| CCE-2359-8 |
The built-in Guest account should be correctly named. |
(1) valid names |
(1) defined by Local or Group Policy |
NaN |
CCE-834 |
rename-guest |
oval:com.secure-elements.oval:def:6023 |
rename-guest |
oval:gov.nist.fdcc.vista:def:6023 |
NaN |
NaN |
NaN |
NaN |
| CCE-2519-7 |
The amount of idle time required before disconnecting a session should be set correctly. |
(1) number of minutes |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect (2) defined by Local or Group Policy |
NaN |
CCE-222 |
amount-of-idle-time-required-before-suspending-session |
oval:com.secure-elements.oval:def:6050 |
amount-of-idle-time-required-before-suspending-session |
oval:gov.nist.fdcc.vista:def:6050 |
NaN |
NaN |
NaN |
NaN |
| CCE-3285-4 |
The "Audit the access of global system objects" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects (2) defined by Local or Group Policy |
NaN |
CCE-2 |
audit-access-global-system-objects |
oval:com.secure-elements.oval:def:6024 |
audit-access-global-system-objects |
oval:gov.nist.fdcc.vista:def:6024 |
NaN |
NaN |
NaN |
NaN |
| CCE-3303-5 |
The "Audit the use of backup and restore privilege" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy |
NaN |
CCE-905 |
audit-use-backup-restore-privilege |
oval:com.secure-elements.oval:def:6025 |
audit-use-backup-restore-privilege |
oval:gov.nist.fdcc.vista:def:6025 |
NaN |
NaN |
NaN |
NaN |
| CCE-3307-6 |
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (2) defined by Local or Group Policy |
NaN |
CCE-133 |
do-not-require-ctrlaltdel |
oval:com.secure-elements.oval:def:6040 |
do-not-require-ctrlaltdel |
oval:gov.nist.fdcc.vista:def:6040 |
NaN |
NaN |
NaN |
NaN |
| CCE-3325-8 |
The "Prevent Users from Installing Printer Drivers" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers (2) defined by Local or Group Policy |
NaN |
CCE-402 |
prevent-users-installing-printers |
oval:com.secure-elements.oval:def:6030 |
prevent-users-installing-printers |
oval:gov.nist.fdcc.vista:def:6030 |
NaN |
NaN |
NaN |
NaN |
| CCE-2858-9 |
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms (2) defined by Local or Group Policy |
NaN |
CCE-565 |
restrict-cdrom-access-local-users-only |
oval:com.secure-elements.oval:def:6031 |
restrict-cdrom-access-local-users-only |
oval:gov.nist.fdcc.vista:def:6031 |
NaN |
NaN |
NaN |
NaN |
| CCE-3168-2 |
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies (2) defined by Local or Group Policy |
NaN |
CCE-463 |
restrict-floppy-access-local-users-only |
oval:com.secure-elements.oval:def:6032 |
restrict-floppy-access-local-users-only |
oval:gov.nist.fdcc.vista:def:6032 |
NaN |
NaN |
NaN |
NaN |
| CCE-3212-8 |
The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey (2) defined by Local or Group Policy |
NaN |
CCE-417 |
require-strong-session-key |
oval:com.secure-elements.oval:def:6038 |
require-strong-session-key |
oval:gov.nist.fdcc.vista:def:6038 |
NaN |
NaN |
NaN |
NaN |
| CCE-2838-1 |
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) defined by Local or Group Policy |
NaN |
CCE-228 |
send-unencrypted-password-to-third-party-smb-servers |
oval:com.secure-elements.oval:def:6049 |
send-unencrypted-password-to-third-party-smb-servers |
oval:gov.nist.fdcc.vista:def:6049 |
NaN |
NaN |
NaN |
NaN |
| CCE-3230-0 |
The "Users Prompted to Change Password Before Expiration" policy should be set correctly. |
(1) number of days prior to expiration |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) defined by Local or Group Policy |
NaN |
CCE-814 |
prompt-user-to-change-password-before-expiration |
oval:com.secure-elements.oval:def:6044 |
prompt-user-to-change-password-before-expiration |
oval:gov.nist.fdcc.vista:def:6044 |
NaN |
NaN |
NaN |
NaN |
| CCE-3001-5 |
The "Shut Down system immediately if unable to log security audits" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (2) defined by Local or Group Policy |
NaN |
CCE-92 |
shutdown-system-unable-log-audits |
oval:com.secure-elements.oval:def:6027 |
shutdown-system-unable-log-audits |
oval:gov.nist.fdcc.vista:def:6027 |
NaN |
NaN |
NaN |
NaN |
| CCE-3252-4 |
The "Digitally Sign Client Communication (Always)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy |
NaN |
CCE-576 |
digitally-sign-communications-client-always |
oval:com.secure-elements.oval:def:6047 |
digitally-sign-communications-client-always |
oval:gov.nist.fdcc.vista:def:6047 |
NaN |
NaN |
NaN |
NaN |
| CCE-2380-4 |
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy |
NaN |
CCE-519 |
digitally-sign-communications-client-server-agrees |
oval:com.secure-elements.oval:def:6048 |
digitally-sign-communications-client-server-agrees |
oval:gov.nist.fdcc.vista:def:6048 |
NaN |
NaN |
NaN |
NaN |
| CCE-3023-9 |
The "Digitally Sign Server Communication (Always)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy |
NaN |
CCE-171 |
digitally-sign-communications-server-always |
oval:com.secure-elements.oval:def:6051 |
digitally-sign-communications-server-always |
oval:gov.nist.fdcc.vista:def:6051 |
NaN |
NaN |
NaN |
NaN |
| CCE-3164-1 |
The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy |
NaN |
CCE-104 |
digitally-sign-communications-server-client-agrees |
oval:com.secure-elements.oval:def:6052 |
digitally-sign-communications-server-client-agrees |
oval:gov.nist.fdcc.vista:def:6052 |
NaN |
NaN |
NaN |
NaN |
| CCE-2376-2 |
The "Number of Previous Logons to Cache" policy should be set correctly. |
(1) number of logons |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (2) defined by Local or Group Policy |
NaN |
CCE-773 |
number-of-previous-logons-to-cache |
oval:com.secure-elements.oval:def:6043 |
number-of-previous-logons-to-cache |
oval:gov.nist.fdcc.vista:def:6043 |
NaN |
NaN |
NaN |
NaN |
| CCE-3225-0 |
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. |
(1) Group(s) |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD (2) defined by Local or Group Policy |
NaN |
CCE-919 |
allow-format-eject-removable-media |
oval:com.secure-elements.oval:def:6029 |
allow-format-eject-removable-media |
oval:gov.nist.fdcc.vista:def:6029 |
NaN |
NaN |
NaN |
NaN |
| CCE-3330-8 |
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal (2) defined by Local or Group Policy |
NaN |
CCE-549 |
digitally-encrypt-or-sign-secure-channel-data-always |
oval:com.secure-elements.oval:def:6034 |
digitally-encrypt-or-sign-secure-channel-data-always |
oval:gov.nist.fdcc.vista:def:6034 |
NaN |
NaN |
NaN |
NaN |
| CCE-2467-9 |
The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) defined by Local or Group Policy |
NaN |
CCE-161 |
digitally-encrypt-secure-channel-data-when-possible |
oval:com.secure-elements.oval:def:6033 |
digitally-encrypt-secure-channel-data-when-possible |
oval:gov.nist.fdcc.vista:def:6033 |
NaN |
NaN |
NaN |
NaN |
| CCE-3233-4 |
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) defined by Local or Group Policy |
NaN |
CCE-918 |
digitally-sign-secure-channel-data-when-possible |
oval:com.secure-elements.oval:def:6035 |
digitally-sign-secure-channel-data-when-possible |
oval:gov.nist.fdcc.vista:def:6035 |
NaN |
NaN |
NaN |
NaN |
| CCE-3251-6 |
The "Smart Card Removal Behavior" policy should be set correctly. |
(1) behavior |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption (2) defined by Local or Group Policy |
NaN |
CCE-443 |
smart-card-removal-behaviour |
oval:com.secure-elements.oval:def:6046 |
smart-card-removal-behaviour |
oval:gov.nist.fdcc.vista:def:6046 |
NaN |
NaN |
NaN |
NaN |
| CCE-3255-7 |
The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange (2) defined by Local or Group Policy |
NaN |
CCE-831 |
disable-machine-account-password-changes |
oval:com.secure-elements.oval:def:6036 |
disable-machine-account-password-changes |
oval:gov.nist.fdcc.vista:def:6036 |
NaN |
NaN |
NaN |
NaN |
| CCE-2398-6 |
The "Limit local account user of blank passwords to console logon only" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) defined by Local or Group Policy |
NaN |
CCE-533 |
limit-blank-password-use |
oval:com.secure-elements.oval:def:6021 |
limit-blank-password-use |
oval:gov.nist.fdcc.vista:def:6021 |
NaN |
NaN |
NaN |
NaN |
| CCE-3326-6 |
The "Allow undock without having to logon" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon (2) defined by Local or Group Policy |
NaN |
CCE-186 |
allow-undock-no-logon |
oval:com.secure-elements.oval:def:6028 |
allow-undock-no-logon |
oval:gov.nist.fdcc.vista:def:6028 |
NaN |
NaN |
NaN |
NaN |
| CCE-3075-9 |
The "Maximum machine account password age" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge (2) defined by Local or Group Policy |
NaN |
CCE-194 |
maximum-machine-account-password-age |
oval:com.secure-elements.oval:def:6037 |
maximum_machine-account-password-age |
oval:gov.nist.fdcc.vista:def:6037 |
NaN |
NaN |
NaN |
NaN |
| CCE-3220-1 |
The "Require Domain Controller authentication to unlock workstation" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) defined by Local or Group Policy |
NaN |
CCE-374 |
require-domain-controller-authentication-to-unlock |
oval:com.secure-elements.oval:def:6045 |
require-domain-controller-authentication-to-unlock |
oval:gov.nist.fdcc.vista:def:6045 |
NaN |
NaN |
NaN |
NaN |
| CCE-3361-3 |
The "Disconnect clients when logon hours expire" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff (2) defined by Local or Group Policy |
NaN |
CCE-278 |
disconnect-client-when-logon-hours-expire |
oval:com.secure-elements.oval:def:6053 |
disconnect-client-when-logon-hours-expire |
oval:gov.nist.fdcc.vista:def:6053 |
NaN |
NaN |
NaN |
NaN |
| CCE-3379-5 |
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds (2) defined by Local or Group Policy |
NaN |
CCE-542 |
do-not-allow-storage-credentials-net-passports-network-authn |
oval:com.secure-elements.oval:def:6072 |
do-not-allow-storage-credentials-net-passports-network-authn |
oval:gov.nist.fdcc.vista:def:6072 |
NaN |
NaN |
NaN |
NaN |
| CCE-2457-0 |
The "Let Everyone permissions apply to anonymous users" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous (2) defined by Local or Group Policy |
NaN |
CCE-18 |
let-everyone-permissions-apply-to-anonymous-users |
oval:com.secure-elements.oval:def:6073 |
let-everyone-permissions-apply-to-anonymous-users |
oval:gov.nist.fdcc.vista:def:6073 |
NaN |
NaN |
NaN |
NaN |
| CCE-3380-3 |
The "Named Pipes that can be accessed anonymously" policy should be set correctly. |
(1) list of named pipes |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes (2) defined by Local or Group Policy |
NaN |
CCE-136 |
named-pipes-accessed-anonymously |
oval:com.secure-elements.oval:def:6074 |
named-pipes-accessed-anonymously |
oval:gov.nist.fdcc.vista:def:6074 |
NaN |
NaN |
NaN |
NaN |
| CCE-2825-8 |
The "Remotely accessible registry paths" policy should be set correctly. |
(1) set of paths |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM (2) defined by Local or Group Policy |
NaN |
CCE-189 |
Remotely-accessible-registry-paths, Remotely-accessible-registry-paths-and-sub-paths |
oval:com.secure-elements.oval:def:6075oval:com.secure-elements.oval:def:6076 |
Remotely-accessible-registry-paths |
oval:gov.nist.fdcc.vista:def:6075 |
NaN |
NaN |
NaN |
NaN |
| CCE-3349-8 |
The "Shares that can be accessed anonymously" policy should be set correctly. |
(1) set of shares |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy |
NaN |
CCE-942 |
Shares-that-can-be-accessed-anonymously -- NOTE: COMMENTED OUT |
NaN |
Shares-that-can-be-accessed-anonymously |
oval:gov.nist.fdcc.vista:def:60771 |
NaN |
NaN |
NaN |
NaN |
| CCE-3367-0 |
The "Sharing and security model for local accounts" policy should be set correctly. |
(1) Classic/Guest only |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest (2) defined by Local or Group Policy |
NaN |
CCE-343 |
Sharing-and-security-model-for-local-accounts |
oval:com.secure-elements.oval:def:6079 |
Sharing-and-security-model-for-local-accounts |
oval:gov.nist.fdcc.vista:def:6079 |
NaN |
NaN |
NaN |
NaN |
| CCE-3138-5 |
The "Do not store LAN Manager hash value on next password change" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash (2) defined by Local or Group Policy |
NaN |
CCE-233 |
Do-not-store-LAN-Manager-hash-value-on-next-password-change |
oval:com.secure-elements.oval:def:6080 |
Do-not-store-LAN-Manager-hash-value-on-next-password-change |
oval:gov.nist.fdcc.vista:def:6080 |
NaN |
NaN |
NaN |
NaN |
| CCE-3283-9 |
The "Force logoff when logon hours expire" policy should be set correctly. |
(1) enabled/disabled |
(1) defined by Local or Group Policy |
NaN |
CCE-775 |
Force-logoff-when-logon-hours-expire |
oval:com.secure-elements.oval:def:6081 |
Force-logoff-when-logon-hours-expire |
oval:gov.nist.fdcc.vista:def:6081 |
NaN |
NaN |
NaN |
NaN |
| CCE-3050-2 |
The "Screen Saver Timeout" setting should be configured correctly for the current user. |
(1) time in seconds |
(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Timeout (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut |
NaN |
CCE-830 |
NaN |
NaN |
screen_save_timeout |
oval:gov.nist.fdcc.vista:def:6708 |
NaN |
NaN |
NaN |
NaN |
| CCE-3429-8 |
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword |
NaN |
CCE-855 |
Always-prompt-client-for-password-upon-connection |
oval:com.secure-elements.oval:def:6599 |
Always-prompt-client-for-password-upon-connection |
oval:gov.nist.fdcc.vista:def:6599 |
NaN |
NaN |
NaN |
NaN |
| CCE-3323-3 |
The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp |
NaN |
CCE-859 |
Solicited-Remote-Assistance |
oval:com.secure-elements.oval:def:6564 |
solicited_remote_assistance |
oval:gov.nist.fdcc.vista:def:6564 |
NaN |
NaN |
NaN |
NaN |
| CCE-3217-7 |
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited |
NaN |
CCE-434 |
Offer-Remote-Assistance |
oval:com.secure-elements.oval:def:6563 |
offer_remote_assistance |
oval:gov.nist.fdcc.vista:def:6563 |
NaN |
NaN |
NaN |
NaN |
| CCE-3358-9 |
The "Configure Automatic Updates" should be set correctly |
NaN |
NaN |
NaN |
CCE-306 |
Configure-Automatic-Updates |
oval:com.secure-elements.oval:def:6604 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3345-6 |
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" should be set correctly |
NaN |
NaN |
NaN |
CCE-989 |
Do-not-adjust-default-option-to-Install-Updates-and-Shut-Down |
oval:com.secure-elements.oval:def:6603 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3363-9 |
The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctly |
NaN |
NaN |
NaN |
CCE-1 |
Do-not-display-Install-Updates-and-Shut-Down |
oval:com.secure-elements.oval:def:6602 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2462-0 |
The "No auto-restart for scheduled Automatic Updates installations |
NaN |
NaN |
NaN |
CCE-641 |
No-auto-restart-for-scheduled-Automatic-Updates-installations |
oval:com.secure-elements.oval:def:6605 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2852-2 |
The "Reschedule Automatic Updates scheduled installations" should be set correctly |
NaN |
NaN |
NaN |
CCE-804 |
Reschedule-Automatic-Updates-scheduled-installations |
oval:com.secure-elements.oval:def:6606 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3371-2 |
The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly. |
NaN |
NaN |
NaN |
CCE-458 |
MachineAccessRestrictions |
NaN |
MachineAccessRestrictions |
oval:gov.nist.fdcc.vista:def:608243 |
NaN |
NaN |
NaN |
NaN |
| CCE-3266-4 |
The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly. |
NaN |
NaN |
NaN |
CCE-740 |
MachineLaunchRestrictions |
NaN |
MachineLaunchRestrictions |
oval:gov.nist.fdcc.vista:def:608244 |
NaN |
NaN |
NaN |
NaN |
| CCE-3411-6 |
The "Display user information when the session is locked" setting should be configured correctly. |
NaN |
NaN |
NaN |
CCE-22 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2772-2 |
The "Interactive logon: Requre smart card" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOption |
NaN |
CCE-828 |
Require-Smart-Card |
oval:com.secure-elements.oval:def:6082 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3292-0 |
The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly. |
NaN |
NaN |
NaN |
CCE-638 |
Restrict-anonymous-access-to-Named-Pipes-and-Shares |
oval:com.secure-elements.oval:def:6077 |
Restrict-anonymous-access-to-Named-Pipes-and-Shares |
oval:gov.nist.fdcc.vista:def:6077 |
NaN |
NaN |
NaN |
NaN |
| CCE-3459-5 |
MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged |
(1) number of seconds |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions |
NaN |
CCE-577 |
tcp-max-connect-response-retransmissions |
oval:com.secure-elements.oval:def:6067 |
tcp-max-connect-response-retransmissions |
oval:gov.nist.fdcc.vista:def:6067 |
NaN |
NaN |
NaN |
NaN |
| CCE-3460-3 |
MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted |
(1) number of retransmissions |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions |
NaN |
CCE-872 |
tcp-max-data-retransmissions |
oval:com.secure-elements.oval:def:6068 |
tcp-max-data-retransmissions |
oval:gov.nist.fdcc.vista:def:6068 |
NaN |
NaN |
NaN |
NaN |
| CCE-3244-1 |
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation |
NaN |
CCE-511 |
ntfs-disable-8dot3-name-creation |
oval:com.secure-elements.oval:def:6062 |
ntfs-disable-8dot3-name-creation |
oval:gov.nist.fdcc.vista:def:6062 |
NaN |
NaN |
NaN |
NaN |
| CCE-3394-4 |
RPC Endpiont Mapper Client Authentication (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolution |
NaN |
CCE-145 |
RPC-Endpoint-Mapper-Client-Authentication |
oval:com.secure-elements.oval:def:6566 |
rpc_endpoint_mapper_client_authentication |
oval:gov.nist.fdcc.vista:def:6566 |
NaN |
NaN |
NaN |
NaN |
| CCE-3160-9 |
Restrictions for Unauthenticated RPC clients (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients |
NaN |
CCE-423 |
Restrictions-for-Unauthenticated-RPC-clients |
oval:com.secure-elements.oval:def:6565 |
restrictions_for_unauthenticated_rpc_clients |
oval:gov.nist.fdcc.vista:def:6565 |
NaN |
NaN |
NaN |
NaN |
| CCE-3054-4 |
Domain Profile: Protect all network connections (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall |
NaN |
CCE-806 |
Domain-Profile-Firewall-Protect-All-Network-Connections, Domain-Profile-Firewall-State |
oval:com.secure-elements.oval:def:6547, oval:com.secure-elements.oval:def:6515 |
NaN |
NaN |
domain_profile_firewall_state |
oval:gov.nist.fdcc.vistafirewall:def:6515 |
NaN |
NaN |
| CCE-3187-2 |
Domain Profile: Do not allow exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions |
NaN |
CCE-969 |
Domain-Profile-Firewall-Do-Not-Allow-Exceptions |
oval:com.secure-elements.oval:def:6544 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3405-8 |
Domain Profile: Allow local program exceptions |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\AllowUserPrefMerge |
NaN |
CCE-502 |
Domain-Profile-Firewall-Allow-Local-Program-Exceptions |
oval:com.secure-elements.oval:def:6541 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3158-3 |
Domain Profile: Allow remote administration |
(1) enabled/disabled (2) subnets for internal support only |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Enabled |
NaN |
CCE-771 |
Domain-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception |
oval:com.secure-elements.oval:def:6537 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3431-4 |
Domain Profile: Allow file and printer sharing exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\FileAndPrint\Enabled |
NaN |
CCE-555 |
Domain-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception |
oval:com.secure-elements.oval:def:6536 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3458-7 |
Domain Profile: Allow Remote Desktop exception (SP2 only) |
(1) enabled/disabled (2) subnets for internal support only |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\RemoteDesktop\Enabled |
NaN |
CCE-832 |
Domain-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions |
oval:com.secure-elements.oval:def:6538 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2964-5 |
Domain Profile: Allow UPnP framework exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\UPnPFramework\Enabled |
NaN |
CCE-590 |
Domain-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions |
oval:com.secure-elements.oval:def:6539 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3365-4 |
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications |
NaN |
CCE-762 |
Domain-Profile-Firewall-Prohibit-Notifications, Domain-Profile-Display-Notification |
oval:com.secure-elements.oval:def:6545, oval:com.secure-elements.oval:def:6518 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3260-7 |
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log Dropped Packets |
NaN |
CCE-251 |
NaN |
NaN |
NaN |
NaN |
domain_profile_log_dropped_packets |
oval:gov.nist.fdcc.vistafirewall:def:6401 |
NaN |
NaN |
| CCE-2533-8 |
The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile. |
(1) File path |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Name |
NaN |
CCE-793 |
NaN |
NaN |
NaN |
NaN |
domain_profile_name |
oval:gov.nist.fdcc.vistafirewall:def:6403 |
NaN |
NaN |
| CCE-3299-5 |
The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile. |
(1) Size limit (KB) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFileSize (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Size limit (KB) |
NaN |
CCE-57 |
NaN |
NaN |
NaN |
NaN |
domain_profile_size_limit |
oval:gov.nist.fdcc.vistafirewall:def:6404 |
NaN |
NaN |
| CCE-3414-0 |
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log successful connections |
NaN |
CCE-617 |
NaN |
NaN |
NaN |
NaN |
domain_profile_logged_successful_connections |
oval:gov.nist.fdcc.vistafirewall:def:6402 |
NaN |
NaN |
| CCE-3436-3 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
CCE-696 |
Domain-Profile-Firewall-Prohibit-Unicast-Response, Domain-Profile-Allow-Unicast-Response |
oval:com.secure-elements.oval:def:6546, oval:com.secure-elements.oval:def:6519 |
NaN |
NaN |
domain_profile_allow_unicast_response |
oval:gov.nist.fdcc.vistafirewall:def:6519 |
NaN |
NaN |
| CCE-3202-9 |
Domain Profile: Define port exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts |
NaN |
CCE-114 |
Domain-Profile-Firewall-Define-Inbound-Port-Exceptions |
oval:com.secure-elements.oval:def:6542 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3180-7 |
Domain Profile: Allow local port exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\AllowUserPrefMerge |
NaN |
CCE-370 |
Domain-Profile-Firewall-Allow-Local-Port-Exceptions |
oval:com.secure-elements.oval:def:6540 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3329-0 |
Standard Profile: Protect all network connections (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall |
NaN |
CCE-273 |
Standard-Profile-Firewall-Protect-All-Network-Connections |
oval:com.secure-elements.oval:def:6559 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3347-2 |
Standard Profile: Do not allow exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions |
NaN |
CCE-440 |
Standard-Profile-Firewall-Do-Not-Allow-Exceptions |
oval:com.secure-elements.oval:def:6556 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3334-0 |
Standard Profile: Allow local program exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\AllowUserPrefMerge |
NaN |
CCE-352 |
Standard-Profile-Firewall-Define-Inbound-Program-Exceptions |
oval:com.secure-elements.oval:def:6555 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3352-2 |
Standard Profile: Allow remote administration exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop |
NaN |
CCE-467 |
Standard-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception |
oval:com.secure-elements.oval:def:6549 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3369-6 |
Standard Profile: Allow file and printer sharing exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\Enabled |
NaN |
CCE-626 |
Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception,Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exceptions |
oval:com.secure-elements.oval:def:6548,oval:com.secure-elements.oval:def:6553 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3387-8 |
Standard Profile: Allow Remote Desktop exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\Enabled |
NaN |
CCE-354 |
Standard-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions |
oval:com.secure-elements.oval:def:6550 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3268-0 |
Standard Profile: Allow UPnP framework exception (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\UPnPFramework\Enabled |
NaN |
CCE-266 |
Standard-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions |
oval:com.secure-elements.oval:def:6551 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3409-0 |
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications |
NaN |
CCE-901 |
Standard-Profile-Firewall-Prohibit-Notifications |
oval:com.secure-elements.oval:def:6557 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3440-5 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
CCE-632 |
Standard-Profile-Firewall-Prohibit-Unicast-Response |
oval:com.secure-elements.oval:def:6558 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3462-9 |
Standard Profile: Define port exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts |
NaN |
CCE-196 |
Standard-Profile-Firewall-Define-Inbound-Port-Exceptions |
oval:com.secure-elements.oval:def:6554 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3356-3 |
Standard Profile: Allow local port exceptions (SP2 only) |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\AllowUserPrefMerge |
NaN |
CCE-77 |
Standard-Profile-Firewall-Allow-Local-Port-Exceptions |
oval:com.secure-elements.oval:def:6552 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2999-1 |
Domain Profile - Inbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Inbound Connections Tab\ (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction |
NaN |
CCE-249 |
Domain-Profile-Inbound-Connections |
oval:com.secure-elements.oval:def:6516 |
NaN |
NaN |
domain_profile_inbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6516 |
NaN |
NaN |
| CCE-3439-7 |
Domain Profile - Outbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction |
NaN |
CCE-485 |
Domain-Profile-Outbound-Connections |
oval:com.secure-elements.oval:def:6517 |
NaN |
NaN |
domain_profile_outbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6517 |
NaN |
NaN |
| CCE-3457-9 |
Domain Profile - Apply Local Firewall Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge |
NaN |
CCE-400 |
Domain-Profile-Apply-Local-Firewall-Rules |
oval:com.secure-elements.oval:def:6520 |
NaN |
NaN |
domain_profile_apply_local_firewall_rules |
oval:gov.nist.fdcc.vistafirewall:def:6520 |
NaN |
NaN |
| CCE-2977-7 |
Domain Profile - Apply Local Connection Security Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge |
NaN |
CCE-584 |
Domain-Profile-Apply-Local-Connection-Security-Rules |
oval:com.secure-elements.oval:def:6521 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3373-8 |
Private Profile- Firewall State |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall |
NaN |
CCE-7 |
Private-Profile-Firewall-State |
oval:com.secure-elements.oval:def:6522 |
NaN |
NaN |
private_profile_firewall_state |
oval:gov.nist.fdcc.vistafirewall:def:6522 |
NaN |
NaN |
| CCE-3395-1 |
Private Profile - Inbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction |
NaN |
CCE-29 |
Private-Profile-Inbound-Connections |
oval:com.secure-elements.oval:def:6523 |
NaN |
NaN |
private_profile_inbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6523 |
NaN |
NaN |
| CCE-3166-6 |
Private Profile - Outbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction |
NaN |
CCE-32 |
Private-Profile-Outbound-Connections |
oval:com.secure-elements.oval:def:6524 |
NaN |
NaN |
private_profile_outbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6524 |
NaN |
NaN |
| CCE-3417-3 |
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Private Profile. |
(1) yes/no/not configured |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications |
NaN |
CCE-38 |
Private-Profile-Display-Notification |
oval:com.secure-elements.oval:def:6525 |
NaN |
NaN |
private_profile_display_notification |
oval:gov.nist.fdcc.vistafirewall:def:6525 |
NaN |
NaN |
| CCE-2924-9 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile. |
(1) enabled/disabled |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
CCE-70 |
Private-Profile-Allow-Unicast-Response |
oval:com.secure-elements.oval:def:6526 |
NaN |
NaN |
private_profile_allow_unicast_response |
oval:gov.nist.fdcc.vistafirewall:def:6526 |
NaN |
NaN |
| CCE-3360-5 |
Private Profile - Apply Local Firewall Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge |
NaN |
CCE-117 |
Private-Profile-Apply-Local-Firewall-Rules |
oval:com.secure-elements.oval:def:6527 |
NaN |
NaN |
private_profile_apply_local_firewall_rules |
oval:gov.nist.fdcc.vistafirewall:def:6527 |
NaN |
NaN |
| CCE-2854-8 |
Private Profile - Apply Local Connection Security Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge |
NaN |
CCE-199 |
Private-Profile-Apply-Local-Connection-Security-Rules |
oval:com.secure-elements.oval:def:6528 |
NaN |
NaN |
private_profile_apply_local_connection_security_rules |
oval:gov.nist.fdcc.vistafirewall:def:6528 |
NaN |
NaN |
| CCE-3246-6 |
Public Profile- Firewall State |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall |
NaN |
CCE-295 |
Public-Profile-Firewall-State |
oval:com.secure-elements.oval:def:6529 |
NaN |
NaN |
public_profile_firewall_state |
oval:gov.nist.fdcc.vistafirewall:def:6529 |
NaN |
NaN |
| CCE-3263-1 |
Public Profile - Inbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction |
NaN |
CCE-338 |
Public-Profile-Inbound-Connections |
oval:com.secure-elements.oval:def:6530 |
NaN |
NaN |
public_profile_inbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6530 |
NaN |
NaN |
| CCE-3351-4 |
Public Profile - Outbound Connections |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction |
NaN |
CCE-342 |
Public-Profile-Outbound-Connections |
oval:com.secure-elements.oval:def:6531 |
NaN |
NaN |
public_profile_outbound_connections |
oval:gov.nist.fdcc.vistafirewall:def:6531 |
NaN |
NaN |
| CCE-2998-3 |
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Public Profile. |
(1) yes/no/not configured |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications |
NaN |
CCE-390 |
Public-Profile-Display-Notification |
oval:com.secure-elements.oval:def:6532 |
NaN |
NaN |
public_profile_display_notification |
oval:gov.nist.fdcc.vistafirewall:def:6532 |
NaN |
NaN |
| CCE-2641-9 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile. |
(1) enabled/disabled |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
CCE-414 |
Public-Profile-Allow-Unicast-Response |
oval:com.secure-elements.oval:def:6533 |
NaN |
NaN |
public_profile_allow_unicast_response |
oval:gov.nist.fdcc.vistafirewall:def:6533 |
NaN |
NaN |
| CCE-2650-0 |
Public Profile - Apply Local Firewall Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge |
NaN |
CCE-421 |
Public-Profile-Apply-Local-Firewall-Rules |
oval:com.secure-elements.oval:def:6534 |
NaN |
NaN |
public_profile_apply_local_firewall_rules |
oval:gov.nist.fdcc.vistafirewall:def:6534 |
NaN |
NaN |
| CCE-3426-4 |
Public Profile - Apply Local Connection Security Rules |
NaN |
(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge |
NaN |
CCE-437 |
Public-Profile-Apply-Local-Connection-Security-Rules |
oval:com.secure-elements.oval:def:6535 |
NaN |
NaN |
public_profile_apply_local_connection_security_rules |
oval:gov.nist.fdcc.vistafirewall:def:6535 |
NaN |
NaN |
| CCE-3320-9 |
Logon - Do not process the legacy run list |
NaN |
(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun |
NaN |
CCE-503 |
Do-Not-Process-Legacy-Run-List |
oval:com.secure-elements.oval:def:6560 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3086-6 |
Logon - Do not process the run once list |
NaN |
(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnce |
NaN |
CCE-583 |
Do-Not-Process-Run-Once-List |
oval:com.secure-elements.oval:def:6561 |
do_not_process_run_once_list |
oval:gov.nist.fdcc.vista:def:6561 |
NaN |
NaN |
NaN |
NaN |
| CCE-3452-0 |
Group Policy - Registry policy processing |
NaN |
(1) Computer Configuration\Administrative Templates\System\Group Policy (2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChanges |
NaN |
CCE-584 |
Registry-Policy-Processing |
oval:com.secure-elements.oval:def:6562 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3364-7 |
Turn off Internet download for Web publishing and online ordering wizards |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices |
NaN |
CCE-691 |
Turn-off-Internet-download-for-Web-publishing-and-online-ordering-wizards |
oval:com.secure-elements.oval:def:6568 |
Turn-off-Internet-download-for-Web-publishing-and-online-ordering-wizards |
oval:gov.nist.fdcc.vista:def:6568 |
NaN |
NaN |
NaN |
NaN |
| CCE-3259-9 |
Turn off the Windows Messenger Customer Experience Improvement Program |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP |
NaN |
CCE-722 |
Turn-off-the-Windows-Messenger-Customer-Experience-Improvement-Program |
oval:com.secure-elements.oval:def:6569 |
Turn-off-the-Windows-Messenger-Customer-Experience-Improvement-Program |
oval:gov.nist.fdcc.vista:def:6569 |
NaN |
NaN |
NaN |
NaN |
| CCE-2778-9 |
Turn off Search Companion content file updates |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates |
NaN |
CCE-818 |
Turn-off-Search-Companion-content-file-updates |
oval:com.secure-elements.oval:def:6570 |
Turn-off-Search-Companion-content-file-updates |
oval:gov.nist.fdcc.vista:def:6570 |
NaN |
NaN |
NaN |
NaN |
| CCE-3421-5 |
Turn off printing over HTTP |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting |
NaN |
CCE-852 |
Turn-off-printing-over-HTTP |
oval:com.secure-elements.oval:def:6571 |
Turn-off-printing-over-HTTP |
oval:gov.nist.fdcc.vista:def:6571 |
NaN |
NaN |
NaN |
NaN |
| CCE-2754-0 |
Turn off downloading of print drivers over HTTP |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload |
NaN |
CCE-887 |
Turn-off-downloading-of-print-drivers-over-HTTP |
oval:com.secure-elements.oval:def:6572 |
turn_off_downloading_of_print_drivers_over_http |
oval:gov.nist.fdcc.vista:def:6572 |
NaN |
NaN |
NaN |
NaN |
| CCE-3278-9 |
Turn off Windows Update device driver searching |
NaN |
(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate |
NaN |
CCE-927 |
Turn-off-Windows-Update-device-driver-searching |
oval:com.secure-elements.oval:def:6573 |
Turn-off-Windows-Update-device-driver-searching |
oval:gov.nist.fdcc.vista:def:6573 |
NaN |
NaN |
NaN |
NaN |
| CCE-2471-1 |
Enumerate administrator accounts on elevation |
NaN |
(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators |
NaN |
CCE-935 |
Enumerate-administrator-accounts-on-elevation |
oval:com.secure-elements.oval:def:6575 |
enumerate_administrator_accounts_on_elevation |
oval:gov.nist.fdcc.vista:def:6575 |
NaN |
NaN |
NaN |
NaN |
| CCE-3310-0 |
Require trusted path for credential entry |
NaN |
(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting |
NaN |
CCE-255 |
Require-trusted-path-for-credential-entry |
oval:com.secure-elements.oval:def:6576 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3327-4 |
Deny all add-ons unless specifically allowed in the Add-on List |
NaN |
(1) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList |
NaN |
CCE-466 |
Deny-all-add-ons-unless-specifically-allowed-in-the-Add-on-List |
oval:com.secure-elements.oval:def:6594 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2975-1 |
The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services. |
NaN |
(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DisablePasswordSaving |
NaN |
CCE-976 |
Do-not-allow-passwords-to-be-saved |
oval:com.secure-elements.oval:def:6596 |
Do-not-allow-passwords-to-be-saved |
oval:gov.nist.fdcc.vista:def:6596 |
NaN |
NaN |
NaN |
NaN |
| CCE-2874-6 |
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services. |
NaN |
(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm |
NaN |
CCE-648 |
Do-not-allow-drive-redirection |
oval:com.secure-elements.oval:def:6598 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3415-7 |
Access to registry editing tools is set correctly. |
NaN |
(1) User Configuration\Administrative Templates\System (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools |
NaN |
CCE-405 |
NaN |
oval:com.secure-elements.oval:def:6500 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3169-0 |
Prompt for password on resume from hibernate/suspend is set correctly. |
NaN |
(1) User Configuration\Administrative Templates\System\Power Mangement (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume |
NaN |
CCE-509 |
Prompt-for-password-on-resume-from-hibernate-suspend |
oval:com.secure-elements.oval:def:6714 |
prompt_for_password_on_resume_from_hibernate_suspend |
oval:gov.nist.fdcc.vista:def:6714 |
NaN |
NaN |
NaN |
NaN |
| CCE-3437-1 |
Do not preserve zone information in file attachments is set correcly. |
NaN |
(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation |
NaN |
CCE-12 |
Do-not-preserve-zone-information-in-file-attachments |
oval:com.secure-elements.oval:def:6502 |
do_not_preserve_zone_information_in_file_attachments |
oval:gov.nist.fdcc.vista:def:6502 |
NaN |
NaN |
NaN |
NaN |
| CCE-2979-3 |
Hide mechanisms to remove zone information is set correcly. |
NaN |
(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties |
NaN |
CCE-58 |
Hide-mechanisms-to-remove-zone-information |
oval:com.secure-elements.oval:def:6503 |
hide_mechanisms_to_remove_zone_information |
oval:gov.nist.fdcc.vista:def:6503 |
NaN |
NaN |
NaN |
NaN |
| CCE-3300-1 |
Notify antivirus programs when opening attachments is set correcly. |
NaN |
(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus |
NaN |
CCE-372 |
Notify-antivirus-programs-when-opening-attachments |
oval:com.secure-elements.oval:def:6504 |
notify_antivirus_programs_when_opening_attachments |
oval:gov.nist.fdcc.vista:def:6504 |
NaN |
NaN |
NaN |
NaN |
| CCE-3305-0 |
Outlook Express attachment blocking is set correctly. |
NaN |
(1) User Configuration\Administrative Templates\Windows Components\Internet Explorer (2) HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\BlockExeAttachments |
NaN |
CCE-886 |
NaN |
oval:com.secure-elements.oval:def:6505 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3450-4 |
Audit: Force audit policy subcategory settings are set correcly. |
NaN |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa\SCENoApplyLegacyAuditPolicy |
NaN |
CCE-111 |
override-audit-policy-settings |
oval:com.secure-elements.oval:def:6026 |
override-audit-policy-settings |
oval:gov.nist.fdcc.vista:def:6026 |
NaN |
NaN |
NaN |
NaN |
| CCE-3102-1 |
The "Log Access For Setup Log" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\ChannelAccess |
NaN |
CCE-1044 |
Log-Access-For-Setup-Log |
oval:com.secure-elements.oval:def:6701 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3388-6 |
The startup type of the Windows Search service should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service\Start |
NaN |
CCE-84 |
Windows-Search |
oval:com.secure-elements.oval:def:6148 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3270-6 |
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Disabled |
NaN |
CCE-86 |
Turn-Off-Microsoft-Peer-to-Peer-Networking-Services |
oval:com.secure-elements.oval:def:6662 |
turn_off_microsoft_peer_to_peer_networking_services |
oval:gov.nist.fdcc.vista:def:6662 |
NaN |
NaN |
NaN |
NaN |
| CCE-3045-2 |
The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi |
NaN |
CCE-629 |
Prohibit-Access-of-the-Windows-Connect-Now-Wizards |
oval:com.secure-elements.oval:def:6665 |
prohibit_access_of_the_windows_connect_now_wizards |
oval:gov.nist.fdcc.vista:def:6666 |
NaN |
NaN |
NaN |
NaN |
| CCE-3331-6 |
The "Allow remote access to the PnP interface" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC |
NaN |
CCE-593 |
Allow-remote-access-to-the-PnP-interface |
oval:com.secure-elements.oval:def:6667 |
allow_remote_access_to_the_pnp_interface |
oval:gov.nist.fdcc.vista:def:6667 |
NaN |
NaN |
NaN |
NaN |
| CCE-3464-5 |
The "Do not create system restore point when new device driver installed" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore |
NaN |
CCE-849 |
Do-not-create-system-restore-point-when-new-device-driver-installed |
oval:com.secure-elements.oval:def:6668 |
do_not_create_system_restore_point_when_new_device_driver_installed |
oval:gov.nist.fdcc.vista:def:6668 |
NaN |
NaN |
NaN |
NaN |
| CCE-3468-6 |
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER |
NaN |
CCE-571 |
Do-not-send-Windows-Error-Report-when-generic-driver-is-installed-on-device |
oval:com.secure-elements.oval:def:6669 |
do_not_send_windows_error_report_when_generic_driver_is_installed_on_device |
oval:gov.nist.fdcc.vista:def:6669 |
NaN |
NaN |
NaN |
NaN |
| CCE-3362-1 |
The "Turn Off Access to All Windows Update Feature" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess |
NaN |
CCE-91 |
Turn-Off-Access-to-All-Windows-Update-Feature |
oval:com.secure-elements.oval:def:6673 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3454-6 |
The "Turn Off Automatic Root Certificates Update" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate |
NaN |
CCE-858 |
Turn-Off-Automatic-Root-Certificates-Update |
oval:com.secure-elements.oval:def:6674 |
turn_off_automatic_root_certificates_update |
oval:gov.nist.fdcc.vista:def:6674 |
NaN |
NaN |
NaN |
NaN |
| CCE-3348-0 |
The "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks |
NaN |
CCE-263 |
Turn-Off-Event-Views-Events.asp-Links |
oval:com.secure-elements.oval:def:6675 |
turn_off_event_views_events.asp_links |
oval:gov.nist.fdcc.vista:def:6675 |
NaN |
NaN |
NaN |
NaN |
| CCE-2868-8 |
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports |
NaN |
CCE-430 |
Turn-Off-Handwriting-Reconition-Error-Reporting |
oval:com.secure-elements.oval:def:6676 |
turn_off_handwriting_reconition_error_reporting |
oval:gov.nist.fdcc.vista:def:6676 |
NaN |
NaN |
NaN |
NaN |
| CCE-2877-9 |
The "Turn Off Help and Support Center "Did You Know?" Content" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\Headlines |
NaN |
CCE-756 |
Turn-Off-Help-and-Support-Center-Did-you-Know-Content |
oval:com.secure-elements.oval:def:6677 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3406-6 |
The "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\MicrosoftKBSearchs |
NaN |
CCE-1029 |
Turn-Off-Help-and-Support-Center-Microsoft-Knowledge-Base-Search |
oval:com.secure-elements.oval:def:6678 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3432-2 |
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW |
NaN |
CCE-1055 |
Turn-Off-Internet-Connection-Wizard-if-URL-Connection-is-Referring-to-Microsoft.com |
oval:com.secure-elements.oval:def:6679 |
turn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft.com |
oval:gov.nist.fdcc.vista:def:6679 |
NaN |
NaN |
NaN |
NaN |
| CCE-2697-1 |
The "Turn Off Internet File Association Service" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith |
NaN |
CCE-1064 |
Turn-Off-Internet-File-Association-Service |
oval:com.secure-elements.oval:def:6680 |
Turn-Off-Internet-File-Association-Service |
oval:gov.nist.fdcc.vista:def:6680 |
NaN |
NaN |
NaN |
NaN |
| CCE-3093-2 |
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration |
NaN |
CCE-88 |
Turn-Off-Registration-if-URL-Connection-is-Referring-to-Microsoft.com |
oval:com.secure-elements.oval:def:6681 |
Turn-Off-Registration-if-URL-Connection-is-Referring-to-Microsoft.com |
oval:gov.nist.fdcc.vista:def:6681 |
NaN |
NaN |
NaN |
NaN |
| CCE-3115-3 |
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard |
NaN |
CCE-375 |
Turn-Off-the-Order-Prints-Picture-Task |
oval:com.secure-elements.oval:def:6682 |
Turn-Off-the-Order-Prints-Picture-Task |
oval:gov.nist.fdcc.vista:def:6682 |
NaN |
NaN |
NaN |
NaN |
| CCE-2477-8 |
The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly. |
(1) enabled/disabled |
(1) [HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER] \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard |
NaN |
CCE-1009 |
Turn-off-the-Publish-to-Web-task-for-files-and-folders |
oval:com.secure-elements.oval:def:6567 |
Turn-off-the-Publish-to-Web-task-for-files-and-folders |
oval:gov.nist.fdcc.vista:def:6567 |
NaN |
NaN |
NaN |
NaN |
| CCE-3403-3 |
The "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownload |
NaN |
CCE-1040 |
Turn-Off-Windows-Movies-Maker-Automatic-Codec-Downloads |
oval:com.secure-elements.oval:def:6696 |
Turn-Off-Windows-Movies-Maker-Automatic-Codec-Downloads |
oval:gov.nist.fdcc.vista:def:6696 |
NaN |
NaN |
NaN |
NaN |
| CCE-3297-9 |
The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebHelp |
NaN |
CCE-1062 |
Turn-Off-Windows-Movie-Maker-Online-Web-Links |
oval:com.secure-elements.oval:def:6684 |
Turn-Off-Windows-Movie-Maker-Online-Web-Links |
oval:gov.nist.fdcc.vista:def:6684 |
NaN |
NaN |
NaN |
NaN |
| CCE-3385-2 |
The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublish |
NaN |
CCE-93 |
Turn-Off-Windows-Movie-Maker-Saving-to-Online-Video-Hosting-Provider |
oval:com.secure-elements.oval:def:6697 |
Turn-Off-Windows-Movie-Maker-Saving-to-Online-Video-Hosting-Provider |
oval:gov.nist.fdcc.vista:def:6697 |
NaN |
NaN |
NaN |
NaN |
| CCE-2781-3 |
The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreen |
NaN |
CCE-1020 |
Do-Not-Display-the-Getting-Started-Welcome-Screen-at-Logon |
oval:com.secure-elements.oval:def:6687 |
Do-Not-Display-the-Getting-Started-Welcome-Screen-at-Logon |
oval:gov.nist.fdcc.vista:def:6687 |
NaN |
NaN |
NaN |
NaN |
| CCE-2922-3 |
The "Turn off Windows Startup Sound" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableStartupSound |
NaN |
CCE-681 |
Turn-off-Windows-Startup-Sound |
oval:com.secure-elements.oval:def:6688 |
Turn-off-Windows-Startup-Sound |
oval:gov.nist.fdcc.vista:def:6688 |
NaN |
NaN |
NaN |
NaN |
| CCE-2821-7 |
The "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex |
NaN |
CCE-346 |
Require-a-Password-when-a-Computer-Wakes-On-Battery |
oval:com.secure-elements.oval:def:6689 |
Require-a-Password-when-a-Computer-Wakes-On-Battery |
oval:gov.nist.fdcc.vista:def:6689 |
NaN |
NaN |
NaN |
NaN |
| CCE-3469-4 |
The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex |
NaN |
CCE-1011 |
Require-a-Password-when-a-Computer-Wakes-Plugged |
oval:com.secure-elements.oval:def:6690 |
Require-a-Password-when-a-Computer-Wakes-Plugged |
oval:gov.nist.fdcc.vista:def:6690 |
NaN |
NaN |
NaN |
NaN |
| CCE-2742-5 |
The "Allow only Vista or later connections" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\CreateEncryptedOnlyTickets |
NaN |
CCE-1007 |
Allow-only-Vista-or-later-connections |
oval:com.secure-elements.oval:def:6691 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2887-8 |
The "Customization Warning Messages" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseCustomMessages |
NaN |
CCE-923 |
Customization-Warning-Messages |
oval:com.secure-elements.oval:def:6692 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3407-4 |
The "Turn on bandwidth optimization" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseBandwidthOptimization |
NaN |
CCE-1056 |
Turn-on-bandwidth-optimization |
oval:com.secure-elements.oval:def:6693 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3271-4 |
The "Turn on session logging" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled |
NaN |
CCE-835 |
Turn-on-session-logging |
oval:com.secure-elements.oval:def:6694 |
turn_on_session_logging |
oval:gov.nist.fdcc.vista:def:6694 |
NaN |
NaN |
NaN |
NaN |
| CCE-3288-8 |
The "Prevent IIS Installation" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall |
NaN |
CCE-474 |
Prevent-IIS-Installation |
oval:com.secure-elements.oval:def:6107 |
Prevent-IIS-Installation |
oval:gov.nist.fdcc.vista:def:6107 |
NaN |
NaN |
NaN |
NaN |
| CCE-3434-8 |
The "Turn off Active Help" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoActiveHelp |
NaN |
CCE-557 |
Turn-Off-Active-Help |
oval:com.secure-elements.oval:def:6108 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3046-0 |
The "Turn off Untrusted Content" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContent |
NaN |
CCE-95 |
Turn-Off-Untrusted-Content |
oval:com.secure-elements.oval:def:6109 |
turn_off_untrusted_content |
oval:gov.nist.fdcc.vista:def:6109 |
NaN |
NaN |
NaN |
NaN |
| CCE-3477-7 |
The "Turn off downloading of enclosures" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload |
NaN |
CCE-767 |
Turn-off-downloading-enclosures |
oval:com.secure-elements.oval:def:6110 |
turn_off_downloading_enclosures |
oval:gov.nist.fdcc.vista:def:6110 |
NaN |
NaN |
NaN |
NaN |
| CCE-3376-1 |
The "Allow indexing of encrypted files" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems |
NaN |
CCE-1049 |
Allow-indexing-of-encrypted-files |
oval:com.secure-elements.oval:def:6704 |
Allow-indexing-of-encrypted-files |
oval:gov.nist.fdcc.vista:def:6704 |
NaN |
NaN |
NaN |
NaN |
| CCE-3143-5 |
The "Prevent indexing uncached Exchange folders" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders |
NaN |
CCE-1058 |
Prevent-indexing-uncached-Exchange-folders |
oval:com.secure-elements.oval:def:6705 |
Prevent-indexing-uncached-Exchange-folders |
oval:gov.nist.fdcc.vista:def:6705 |
NaN |
NaN |
NaN |
NaN |
| CCE-2914-0 |
The "Turn off Windows Calendar" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCal |
NaN |
CCE-441 |
Turn-off-Windows-Calendar |
oval:com.secure-elements.oval:def:6111 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3178-1 |
The "Allow Corporate redirection of Customer Experience Improvement uploads" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\CorporateSQMURL |
NaN |
CCE-97 |
Allow-Corporate-Redirection-Customer-Experience-Improvement-Program-Uploads |
oval:com.secure-elements.oval:def:6112 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3209-4 |
The "Turn off Windows Defender" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware |
NaN |
CCE-728 |
Turn-off-Windows-Defender |
oval:com.secure-elements.oval:def:6113 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-2962-9 |
The "Turn off Heap termination on corruption" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption |
NaN |
CCE-384 |
Turn-off-heap-termination-corruption |
oval:com.secure-elements.oval:def:6118 |
turn_off_heap_termination_corruption |
oval:gov.nist.fdcc.vista:def:6118 |
NaN |
NaN |
NaN |
NaN |
| CCE-3125-2 |
The "Turn off shell protocol protected mode" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior |
NaN |
CCE-480 |
Turn-off-shell-protocol-protected-mode |
oval:com.secure-elements.oval:def:6119 |
turn_off_shell_protocol_protected_mode |
oval:gov.nist.fdcc.vista:def:6119 |
NaN |
NaN |
NaN |
NaN |
| CCE-3398-5 |
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching |
NaN |
CCE-612 |
Prohibit-Non-Administrators-applying-vendorpatches |
oval:com.secure-elements.oval:def:6122 |
prohibit_non_administrators_install_signed_updates |
oval:gov.nist.fdcc.vista:def:6122 |
NaN |
NaN |
NaN |
NaN |
| CCE-3341-5 |
The "Report Logon Server Not Available During User logon" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing |
NaN |
CCE-392 |
Report-logon-server-not-available-during-user-logon |
oval:com.secure-elements.oval:def:6123 |
report_logon_server_not_available_during_user_logon |
oval:gov.nist.fdcc.vista:def:6123 |
NaN |
NaN |
NaN |
NaN |
| CCE-2521-3 |
The "Turn off the communitication features" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\DisableCommunities |
NaN |
CCE-96 |
Turn-off-communication-features |
oval:com.secure-elements.oval:def:6124 |
turn_off_communities_features |
oval:gov.nist.fdcc.vista:def:6124 |
NaN |
NaN |
NaN |
NaN |
| CCE-2525-4 |
The "Turn off Windows Mail application" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\ManualLaunchAllowed |
NaN |
CCE-331 |
Turn-off-windows-mail-app |
oval:com.secure-elements.oval:def:6125 |
turn_off_windows_mail_app |
oval:gov.nist.fdcc.vista:def:6125 |
NaN |
NaN |
NaN |
NaN |
| CCE-3486-8 |
The "Prevent Windows Media DRM Internet Access" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline |
NaN |
CCE-1089 |
Prevent-Windows-Media-DRM-Internet-Access |
oval:com.secure-elements.oval:def:6126 |
prevent_windows_media_drm_internet_access |
oval:gov.nist.fdcc.vista:def:6126 |
NaN |
NaN |
NaN |
NaN |
| CCE-2557-7 |
The "Turn off Windows Meeting Space" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOffWindowsCollaboration |
NaN |
CCE-992 |
Turn-off-windows-meeting-space |
oval:com.secure-elements.oval:def:6127 |
turn_off_windows_meeting_space |
oval:gov.nist.fdcc.vista:def:6127 |
NaN |
NaN |
NaN |
NaN |
| CCE-3328-2 |
The "Turn on Windows Meeting Space audting" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOnWindowsCollaborationAuditing |
NaN |
CCE-105 |
Turn-on-windows-meeting-space-auditing |
oval:com.secure-elements.oval:def:6128 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-3456-1 |
The "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgets |
NaN |
CCE-297 |
Disable-unpacking-installation-gadgets-not-digitally-signed |
oval:com.secure-elements.oval:def:6129 |
disable_unpacking_installation_gadgets_not_digitally_signed |
oval:gov.nist.fdcc.vista:def:6129 |
NaN |
NaN |
NaN |
NaN |
| CCE-3214-4 |
The "Override the More Gadgets Link" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLink |
NaN |
CCE-702 |
Override-more-gadgets-Lnk |
oval:com.secure-elements.oval:def:6130 |
override_more_gadgets_lnk |
oval:gov.nist.fdcc.vista:def:6130 |
NaN |
NaN |
NaN |
NaN |
| CCE-3500-6 |
The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgets |
NaN |
CCE-644 |
Turn-off-user-installed-windows-sidebar-gidgets |
oval:com.secure-elements.oval:def:6131 |
turn_off_user_installed_windows_sidebar_gidgets |
oval:gov.nist.fdcc.vista:def:6131 |
NaN |
NaN |
NaN |
NaN |
| CCE-3482-7 |
The "Do not allow Digital Locker to run" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Windows Components\Digital Locker |
NaN |
CCE-1747 |
do_not_allow_digital_locker_to_run_var |
oval:gov.nist.fdcc.vista:def:6698 |
do_not_allow_digital_locker_to_run |
oval:gov.nist.fdcc.vista:def:6698 |
NaN |
NaN |
NaN |
NaN |
| CCE-2755-7 |
The "Turn Off Downloading of Game Information" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Components\Game Explorer |
NaN |
CCE-1778 |
turn_off_downloading_of_game_information |
oval:gov.nist.fdcc.vista:def:6703 |
turn_off_downloading_of_game_information |
oval:gov.nist.fdcc.vista:def:6703 |
NaN |
NaN |
NaN |
NaN |
| CCE-2865-4 |
The "IPv6 Block of Protocols 41" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules |
NaN |
CCE-1795 |
ipv6_block_protocols_41 |
oval:gov.nist.fdcc.vistafirewall:def:6491 |
NaN |
NaN |
ipv6_block_protocols_41 |
oval:gov.nist.fdcc.vistafirewall:def:6491 |
NaN |
NaN |
| CCE-3508-9 |
The "IPv6 Block of UDP 3544" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules |
NaN |
CCE-1293 |
ipv6_block_udp_3544 |
oval:gov.nist.fdcc.vistafirewall:def:6492 |
NaN |
NaN |
ipv6_block_udp_3544 |
oval:gov.nist.fdcc.vistafirewall:def:6492 |
NaN |
NaN |
| CCE-4662-3 |
The "Enforce user logon restrictions" policy should be set correctly. |
(1) enabled/disabled |
NaN |
NaN |
CCE-227 |
NaN |
NaN |
kerberos-enforce-user-logon-restrictions |
oval:gov.nist.fdcc.vista:def:987651 |
NaN |
NaN |
NaN |
NaN |
| CCE-4666-4 |
The "Maximum Service Ticket Litfetime" policy should be set correctly. |
(1) number of minutes |
NaN |
NaN |
CCE-6 |
NaN |
NaN |
kerberos_maximum_lifetime_service_ticket |
oval:gov.nist.fdcc.vista:def:987652 |
NaN |
NaN |
NaN |
NaN |
| CCE-3936-2 |
The "Maximum User Ticket Lifetime" policy should be set correctly. |
(1) number of hours |
NaN |
NaN |
CCE-37 |
NaN |
NaN |
kerberos_maximum_lifetime_user_ticket |
oval:gov.nist.fdcc.vista:def:987653 |
NaN |
NaN |
NaN |
NaN |
| CCE-4755-5 |
The "Maximum User Renewal Lifetime" policy should be set correctly. |
(1) number of days |
NaN |
NaN |
CCE-33 |
NaN |
NaN |
kerberos_maximum_lifetime_user_ticket_renewal |
oval:gov.nist.fdcc.vista:def:987654 |
NaN |
NaN |
NaN |
NaN |
| CCE-4702-7 |
The "Maximum tolerance for computer clock synchronization" policy should be set correctly. |
(1) number of minutes |
NaN |
NaN |
CCE-588 |
NaN |
NaN |
kerberos_maximum_tolerance_computer_clock_synchronization |
oval:gov.nist.fdcc.vista:def:987655 |
NaN |
NaN |
NaN |
NaN |
| CCE-3949-5 |
TCP/IP PMTU Discovery should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery |
NaN |
CCE-998 |
NaN |
NaN |
allow-automatic-detection-mtu-size |
oval:gov.nist.fdcc.vista:def:407 |
NaN |
NaN |
NaN |
NaN |
| CCE-4904-9 |
Kerberos and RSVP Traffic Protected by IPSec should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt |
NaN |
CCE-501 |
NaN |
NaN |
enable-nodefaultexempt-IPSec-Filtering |
oval:gov.nist.fdcc.vista:def:116 |
NaN |
NaN |
NaN |
NaN |
| CCE-4781-1 |
The "Remotely accessible registry paths and subpaths" policy should be set correctly. |
(1) set of paths |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and subpaths |
NaN |
CCE-1185 |
NaN |
NaN |
Remotely-accessible-registry-paths-and-sub-paths |
oval:gov.nist.fdcc.vista:def:6076 |
NaN |
NaN |
NaN |
NaN |
| CCE-4922-1 |
The "LAN Manager Authentication Level" policy should be set correctly. |
(1) authentication level |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel (2) defined by Local or Group Policy |
NaN |
CCE-719 |
NaN |
NaN |
Lan-manager-authentication-level |
oval:gov.nist.fdcc.vista:def:6094 |
NaN |
NaN |
NaN |
NaN |
| CCE-4940-3 |
The "LDAP client signing requirements" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (2) defined by Local or Group Policy |
NaN |
CCE-732 |
NaN |
NaN |
LDAP-client-signing-requirements |
oval:gov.nist.fdcc.vista:def:6095 |
NaN |
NaN |
NaN |
NaN |
| CCE-4583-1 |
The "Minimum session security for NTLM SSP based clients" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec (2) defined by Local or Group Policy |
NaN |
CCE-674 |
NaN |
NaN |
minimum-session-security-ntlm-ssp-based-clients |
oval:gov.nist.fdcc.vista:def:6096 |
NaN |
NaN |
NaN |
NaN |
| CCE-4213-5 |
The "Minimum session security for NTLM SSP based servers" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec (2) defined by Local or Group Policy |
NaN |
CCE-766 |
NaN |
NaN |
minimum-session-security-ntlm-ssp-based-servers |
oval:gov.nist.fdcc.vista:def:6097 |
NaN |
NaN |
NaN |
NaN |
| CCE-4107-9 |
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2) defined by Local or Group Policy |
NaN |
CCE-410 |
NaN |
NaN |
recovery-console-allow-administrative-logon |
oval:gov.nist.fdcc.vista:def:6098 |
NaN |
NaN |
NaN |
NaN |
| CCE-3953-7 |
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2) defined by Local or Group Policy |
NaN |
CCE-76 |
NaN |
NaN |
recovery-console-allow-floppy-copy-access-all-drives-folders |
oval:gov.nist.fdcc.vista:def:6099 |
NaN |
NaN |
NaN |
NaN |
| CCE-3954-5 |
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon (2) defined by Local or Group Policy |
NaN |
CCE-224 |
NaN |
NaN |
shutdown-allow-system-shutdown-without-having-logon |
oval:gov.nist.fdcc.vista:def:6100 |
NaN |
NaN |
NaN |
NaN |
| CCE-3969-3 |
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) defined by Local or Group Policy |
NaN |
CCE-422 |
NaN |
NaN |
shutdown-clear-virtual-memory-page |
oval:gov.nist.fdcc.vista:def:6101 |
NaN |
NaN |
NaN |
NaN |
| CCE-4774-6 |
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (2) defined by Local or Group Policy |
NaN |
CCE-55 |
NaN |
NaN |
system-cryptography-use-fips-compliant-alorithm |
oval:gov.nist.fdcc.vista:def:6102 |
NaN |
NaN |
NaN |
NaN |
| CCE-4841-3 |
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (2) defined by Local or Group Policy |
NaN |
CCE-300 |
NaN |
NaN |
system-objects-require-case-insesitivity |
oval:gov.nist.fdcc.vista:def:6104 |
NaN |
NaN |
NaN |
NaN |
| CCE-4011-3 |
The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode (2) defined by Local or Group Policy |
NaN |
CCE-508 |
NaN |
NaN |
system-objects-strengthen-default-permissions-internal-system-objects |
oval:gov.nist.fdcc.vista:def:6105 |
NaN |
NaN |
NaN |
NaN |
| CCE-4955-1 |
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account |
NaN |
CCE-1078 |
NaN |
NaN |
admin_approval_mode |
oval:gov.nist.fdcc.vista:def:8081 |
NaN |
NaN |
NaN |
NaN |
| CCE-4016-2 |
The "Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly. |
(1) Prompt for consent/Prompt for credentials/Automatically deny |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode |
NaN |
CCE-1063 |
NaN |
NaN |
behavior_elevation_prompt_administrators |
oval:gov.nist.fdcc.vista:def:8082 |
NaN |
NaN |
NaN |
NaN |
| CCE-4969-2 |
The "Behavior of the elevation prompt for standard users" setting should be configured correctly. |
(1) Prompt for credentials/Automatically deny |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users |
NaN |
CCE-1067 |
NaN |
NaN |
behavior_elevation_prompt_standard_users |
oval:gov.nist.fdcc.vista:def:8083 |
NaN |
NaN |
NaN |
NaN |
| CCE-4612-8 |
The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation |
NaN |
CCE-1128 |
NaN |
NaN |
detect_application_installations_prompt_elevation |
oval:gov.nist.fdcc.vista:def:8084 |
NaN |
NaN |
NaN |
NaN |
| CCE-5004-7 |
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated |
NaN |
CCE-1104 |
NaN |
NaN |
only_elevate_executables_signed_validated |
oval:gov.nist.fdcc.vista:def:8085 |
NaN |
NaN |
NaN |
NaN |
| CCE-4020-4 |
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations |
NaN |
CCE-986 |
NaN |
NaN |
only_elevate_uiaccess_applications |
oval:gov.nist.fdcc.vista:def:8086 |
NaN |
NaN |
NaN |
NaN |
| CCE-4907-2 |
The "User Account Control: Run all administrators in Admin Approval Mode" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode |
NaN |
CCE-1050 |
NaN |
NaN |
run_administrators_admin_approval_mode |
oval:gov.nist.fdcc.vista:def:8087 |
NaN |
NaN |
NaN |
NaN |
| CCE-4925-4 |
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation |
NaN |
CCE-230 |
NaN |
NaN |
switch_secure_desktop_prompting_elevation |
oval:gov.nist.fdcc.vista:def:8088 |
NaN |
NaN |
NaN |
NaN |
| CCE-4194-7 |
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations |
NaN |
CCE-673 |
NaN |
NaN |
virtualize_write_failures_per_user_locations |
oval:gov.nist.fdcc.vista:def:8089 |
NaN |
NaN |
NaN |
NaN |
| CCE-4334-9 |
The "access this computer from the network" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined by the SeNetworkLogonRight setting in Local or Group Policy |
NaN |
CCE-532 |
NaN |
NaN |
Access-Computer-From-Network-Administrators |
oval:gov.nist.fdcc.vista:def:6607 |
NaN |
NaN |
NaN |
NaN |
| CCE-4088-1 |
The "act as part of the operating system" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeTcbPrivilege setting in by Local or Group Policy |
NaN |
CCE-162 |
NaN |
NaN |
Act-As-Part-Of-Operating-System-None |
oval:gov.nist.fdcc.vista:def:6609 |
NaN |
NaN |
NaN |
NaN |
| CCE-4854-6 |
The "adjust memory quotas for a process" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeIncreaseQuotaPrivilege setting in by Local or Group Policy |
NaN |
CCE-807 |
NaN |
NaN |
Adjust-Memory-Quotas-Administrators-LocalService-NetworkService |
oval:gov.nist.fdcc.vista:def:6612 |
NaN |
NaN |
NaN |
NaN |
| CCE-4872-8 |
The "log on locally" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeInteractiveLogonRight setting in by Local or Group Policy |
NaN |
CCE-965 |
NaN |
NaN |
Allow-Log-On-Locally-Administrators-Users |
oval:gov.nist.fdcc.vista:def:6613 |
NaN |
NaN |
NaN |
NaN |
| CCE-4264-8 |
The "allow logon through Terminal Services" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeRemoteInteractiveLogonRight setting in by Local or Group Policy |
NaN |
CCE-883 |
NaN |
NaN |
Allow-Log-On-Through-Terminal-Services-Administrators-RemoteDesktopUsers |
oval:gov.nist.fdcc.vista:def:6616 |
NaN |
NaN |
NaN |
NaN |
| CCE-4827-2 |
The "back up files and directories" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeBackupPrivilege setting in by Local or Group Policy |
NaN |
CCE-931 |
NaN |
NaN |
Back-Up-Files-And-Directories-Administrators |
oval:gov.nist.fdcc.vista:def:6617 |
NaN |
NaN |
NaN |
NaN |
| CCE-4973-4 |
The "bypass traverse checking" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeChangeNotifyPrivilege setting in by Local or Group Policy |
NaN |
CCE-376 |
NaN |
NaN |
Bypass-Traverse-Checking-Administrators_Users_LocalService_NetworkService |
oval:gov.nist.fdcc.vista:def:6621 |
NaN |
NaN |
NaN |
NaN |
| CCE-4863-7 |
The "change the system time" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeSystemTimePrivilege setting in by Local or Group Policy |
NaN |
CCE-799 |
NaN |
NaN |
Change-System-Time-LocalService-Administrators |
oval:gov.nist.fdcc.vista:def:6623 |
NaN |
NaN |
NaN |
NaN |
| CCE-5008-8 |
The "Change the time zone" user right should be assigned to the appropriate accounts. |
(1) list of accounts |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zone |
NaN |
CCE-470 |
NaN |
NaN |
Change-Time-Zone-Administrators_Users_LocalService |
oval:gov.nist.fdcc.vista:def:662381 |
NaN |
NaN |
NaN |
NaN |
| CCE-4757-1 |
The "create a pagefile" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeCreatePagefilePrivilege setting in by Local or Group Policy |
NaN |
CCE-895 |
NaN |
NaN |
Create-Pagefile-Administrators |
oval:gov.nist.fdcc.vista:def:6624 |
NaN |
NaN |
NaN |
NaN |
| CCE-4902-3 |
The "Create a token object" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeCreateTokenPrivilege setting in by Local or Group Policy |
NaN |
CCE-926 |
NaN |
NaN |
Create-Token-Object-None |
oval:gov.nist.fdcc.vista:def:6625 |
NaN |
NaN |
NaN |
NaN |
| CCE-4792-8 |
The "Create global objects" user right should be assigned to the correct accounts. |
(1) set of accounts |
NaN |
NaN |
CCE-383 |
NaN |
NaN |
Create-Global-Objects-Administrators-SERVICE-LocalService-NetworkService |
oval:gov.nist.fdcc.vista:def:6626 |
NaN |
NaN |
NaN |
NaN |
| CCE-4184-8 |
The "create permanent shared objects" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeCreatePermanentPrivilege setting in by Local or Group Policy |
NaN |
CCE-335 |
NaN |
NaN |
Create-Permanent-Shared-Objects-None |
oval:gov.nist.fdcc.vista:def:6627 |
NaN |
NaN |
NaN |
NaN |
| CCE-4687-0 |
The "debug programs" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeDebugPrivilege setting in by Local or Group Policy |
NaN |
CCE-842 |
NaN |
NaN |
Debug-Programs-None |
oval:gov.nist.fdcc.vista:def:6628 |
NaN |
NaN |
NaN |
NaN |
| CCE-4704-3 |
The "deny access to this computer from the network" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined by the SeDenyNetworkLogonRight setting in Local or Group Policy |
NaN |
CCE-898 |
NaN |
NaN |
Deny-Access-From-Network-Guests |
oval:gov.nist.fdcc.vista:def:6630 |
NaN |
NaN |
NaN |
NaN |
| CCE-4722-5 |
The "deny logon as a batch job" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeDenyBatchLogonRight setting in by Local or Group Policy |
NaN |
CCE-165 |
NaN |
NaN |
Deny-Logon-As-Batch-Job-Guests |
oval:gov.nist.fdcc.vista:def:6631 |
NaN |
NaN |
NaN |
NaN |
| CCE-4867-8 |
The "deny logon as a service" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeDenyServiceLogonRight setting in by Local or Group Policy |
NaN |
CCE-597 |
NaN |
NaN |
deny_logon_as_service_none |
oval:gov.nist.fdcc.vista:def:6633 |
NaN |
NaN |
NaN |
NaN |
| CCE-4889-2 |
The "deny logon locally" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeDenyInteractiveLogonRight setting in by Local or Group Policy |
NaN |
CCE-64 |
NaN |
NaN |
Deny-Logon-Locally-Guests |
oval:gov.nist.fdcc.vista:def:6634 |
NaN |
NaN |
NaN |
NaN |
| CCE-4656-5 |
The "deny logon through Terminal Services" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeDenyRemoteInteractiveLogonRight setting in by Local or Group Policy |
NaN |
CCE-108 |
NaN |
NaN |
Deny-Logon-Through-Terminal-Services-Guest |
oval:gov.nist.fdcc.vista:def:6636 |
NaN |
NaN |
NaN |
NaN |
| CCE-4673-0 |
The "force shutdown from a remote system" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeRemoteShutdownPrivilege setting in by Local or Group Policy |
NaN |
CCE-754 |
NaN |
NaN |
Force-Shutdown-From-Remote-System-Administrators |
oval:gov.nist.fdcc.vista:def:6638 |
NaN |
NaN |
NaN |
NaN |
| CCE-4488-3 |
The "generate security audits" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeAuditPrivilege setting in by Local or Group Policy |
NaN |
CCE-939 |
NaN |
NaN |
Generate-Security-Audits-LocalService-NetworkService |
oval:gov.nist.fdcc.vista:def:6639 |
NaN |
NaN |
NaN |
NaN |
| CCE-4382-8 |
The "Impersonate a client after authentication" user right should be assigned to the correct accounts. |
(1) set of accounts |
NaN |
NaN |
CCE-304 |
NaN |
NaN |
Impersonate-Client-After-Authentication-Administrators-SERVICE-LocalService-NetworkService |
oval:gov.nist.fdcc.vista:def:6640 |
NaN |
NaN |
NaN |
NaN |
| CCE-4651-6 |
The "Increase a Process Working Set" setting should be configured correctly. |
(1) Set of users or groups |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working set |
NaN |
CCE-1027 |
NaN |
NaN |
Increase-Process-Working-Set-Administrators_LocalService |
oval:gov.nist.fdcc.vista:def:662391 |
NaN |
NaN |
NaN |
NaN |
| CCE-4796-9 |
The "increase scheduling priority" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeIncreaseBasePriorityPrivilege setting in by Local or Group Policy |
NaN |
CCE-349 |
NaN |
NaN |
Increase-Scheduling-Priority-Administrators |
oval:gov.nist.fdcc.vista:def:6641 |
NaN |
NaN |
NaN |
NaN |
| CCE-4034-5 |
The "load and unload device drivers" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeLoadDriverPrivilege setting in by Local or Group Policy |
NaN |
CCE-860 |
NaN |
NaN |
Load-And-Unload-Device-Drivers-Administrators |
oval:gov.nist.fdcc.vista:def:6642 |
NaN |
NaN |
NaN |
NaN |
| CCE-4317-4 |
The "lock pages in memory" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeLockMemoryPrivilege setting in by Local or Group Policy |
NaN |
CCE-749 |
NaN |
NaN |
Lock-Pages-In-Memory-None |
oval:gov.nist.fdcc.vista:def:6643 |
NaN |
NaN |
NaN |
NaN |
| CCE-4083-2 |
The "log on as a batch job" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeBatchLogonRight setting in by Local or Group Policy |
NaN |
CCE-177 |
NaN |
NaN |
Log-On-As-Batch-Job-None |
oval:gov.nist.fdcc.vista:def:6644 |
NaN |
NaN |
NaN |
NaN |
| CCE-4038-6 |
The "log on as a service" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeServiceLogonRight setting in by Local or Group Policy |
NaN |
CCE-216 |
NaN |
NaN |
Log-On-As-Service-None |
oval:gov.nist.fdcc.vista:def:6647 |
NaN |
NaN |
NaN |
NaN |
| CCE-4046-9 |
The "manage auditing and security log" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeSecurityPrivilege setting in by Local or Group Policy |
NaN |
CCE-850 |
NaN |
NaN |
Manage-Auditing-And-Security-Log-Administrators |
oval:gov.nist.fdcc.vista:def:6648 |
NaN |
NaN |
NaN |
NaN |
| CCE-4285-3 |
The "Modify an object label" user right should be assigned to the appropriate accounts. |
(1) list of accounts |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label |
NaN |
CCE-1023 |
NaN |
NaN |
Modify-Object-Label-None |
oval:gov.nist.fdcc.vista:def:662371 |
NaN |
NaN |
NaN |
NaN |
| CCE-4048-5 |
The "modify firmware environment values" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeSystemEnvironmentPrivilege setting in by Local or Group Policy |
NaN |
CCE-17 |
NaN |
NaN |
Modify-Firmware-Environment-Values-Administrators |
oval:gov.nist.fdcc.vista:def:6649 |
NaN |
NaN |
NaN |
NaN |
| CCE-4071-7 |
The "perform volume maintenance tasks" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeManageVolumePrivilege setting in by Local or Group Policy |
NaN |
CCE-314 |
NaN |
NaN |
Perform-Volume-Maintenance-Tasks-Administrators |
oval:gov.nist.fdcc.vista:def:6650 |
NaN |
NaN |
NaN |
NaN |
| CCE-4962-7 |
The "profile single process" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeProfileSingleProcessPrivilege setting in by Local or Group Policy |
NaN |
CCE-260 |
NaN |
NaN |
Profile-Single-Process-Administrators |
oval:gov.nist.fdcc.vista:def:6651 |
NaN |
NaN |
NaN |
NaN |
| CCE-4618-5 |
The "profile system performance" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeSystemProfilePrivilege setting in by Local or Group Policy |
NaN |
CCE-599 |
NaN |
NaN |
Profile-System-Performance-Administrators |
oval:gov.nist.fdcc.vista:def:6652 |
NaN |
NaN |
NaN |
NaN |
| CCE-4861-1 |
The "remove computer from docking station" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeUndockPrivilege setting in by Local or Group Policy |
NaN |
CCE-656 |
NaN |
NaN |
Remove-Computer-From-Docking-Station-Administrators-Users |
oval:gov.nist.fdcc.vista:def:6653 |
NaN |
NaN |
NaN |
NaN |
| CCE-4372-9 |
The "replace a process-level token" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeAssignPrimaryTokenPrivilege setting in by Local or Group Policy |
NaN |
CCE-667 |
NaN |
NaN |
Replace-Process-Level-Token-NetworkService-LocalService |
oval:gov.nist.fdcc.vista:def:6654 |
NaN |
NaN |
NaN |
NaN |
| CCE-4948-6 |
The "restore files and directories" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeRestorePrivilege setting in by Local or Group Policy |
NaN |
CCE-553 |
NaN |
NaN |
Restore-Files-And-Directories-Administrators |
oval:gov.nist.fdcc.vista:def:6655 |
NaN |
NaN |
NaN |
NaN |
| CCE-4569-0 |
The "shut down the system" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeShutdownPrivilege setting in by Local or Group Policy |
NaN |
CCE-839 |
NaN |
NaN |
Shut-Down-System-Administrators-Users |
oval:gov.nist.fdcc.vista:def:6657 |
NaN |
NaN |
NaN |
NaN |
| CCE-4970-0 |
The "synchronize directory service data" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeSynchAgentPrivilege setting in by Local or Group Policy |
NaN |
CCE-381 |
NaN |
NaN |
Synchronize-Directory-Service-Data-None |
oval:gov.nist.fdcc.vista:def:6658 |
NaN |
NaN |
NaN |
NaN |
| CCE-4988-2 |
The "take ownership of files or other objects" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) defined the SeTakeOwnershipPrivilege setting in by Local or Group Policy |
NaN |
CCE-492 |
NaN |
NaN |
Take-Ownership-Of-Files-Administrators |
oval:gov.nist.fdcc.vista:def:6659 |
NaN |
NaN |
NaN |
NaN |
| CCE-4627-6 |
The required permissions for the WLAN AutoConfig service should be assigned. |
(1) set of accounts (2) list of permissions (3) applicability |
(1) defined by the object's DACL (2) defined through group policy |
NaN |
CCE-957 |
NaN |
NaN |
wlan_autoconfig |
oval:gov.nist.fdcc.vista:def:61481 |
NaN |
NaN |
NaN |
NaN |
| CCE-4992-4 |
Internet Explorer Processes (Zone Elevation Protection) |
(1) enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) (2) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe (3) HKLM\Software\Policies\Microsoft\Internet (4) Local Internet Options: (5) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Protection From Zone Elevation (6) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) (7) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe (8) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe |
NaN |
CCE-347 |
NaN |
NaN |
turn_on_mapper_io_lltdio_driver |
oval:gov.nist.fdcc.vista:def:6660 |
NaN |
NaN |
NaN |
NaN |
| CCE-4077-4 |
The "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driver |
NaN |
CCE-1134 |
NaN |
NaN |
turn_on_responder_rspndr_driver |
oval:gov.nist.fdcc.vista:def:6661 |
NaN |
NaN |
NaN |
NaN |
| CCE-4152-5 |
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA |
NaN |
CCE-896 |
NaN |
NaN |
prohibit_installation_network_bridge |
oval:gov.nist.fdcc.vista:def:3366991 |
NaN |
NaN |
NaN |
NaN |
| CCE-5020-3 |
The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network |
NaN |
CCE-241 |
NaN |
NaN |
prohibit_internet_connection_firewall |
oval:gov.nist.fdcc.vista:def:3366992 |
NaN |
NaN |
NaN |
NaN |
| CCE-4078-2 |
The startup type of the Internet Connection Sharing service should be correct. |
(1) disabled/manual/automatic/automatic (delayed start) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy |
NaN |
CCE-672 |
NaN |
NaN |
prohibit_internet_connection_sharing |
oval:gov.nist.fdcc.vista:def:3366993 |
NaN |
NaN |
NaN |
NaN |
| CCE-5061-7 |
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP). |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now |
NaN |
CCE-734 |
NaN |
NaN |
configuration_of_wireless_settings_using_windows_connect_now |
oval:gov.nist.fdcc.vista:def:6665 |
NaN |
NaN |
NaN |
NaN |
| CCE-4081-6 |
The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance Policy Processing |
NaN |
CCE-365 |
NaN |
NaN |
internet_explorer_maintenance_policy_processing_enabled |
oval:gov.nist.fdcc.vista:def:6671 |
NaN |
NaN |
NaN |
NaN |
| CCE-4694-6 |
The "Enable Error Reporting" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport |
NaN |
CCE-592 |
NaN |
NaN |
turn_off_windows_error_reporting |
oval:gov.nist.fdcc.vista:def:6683 |
NaN |
NaN |
NaN |
NaN |
| CCE-4813-2 |
Use Classic Logon should be properly configured. |
(1) logon type |
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType |
NaN |
CCE-231 |
NaN |
NaN |
Always-Use-Classic-Logon |
oval:gov.nist.fdcc.vista:def:6686 |
NaN |
NaN |
NaN |
NaN |
| CCE-4579-9 |
The 'Approved Installation Sites for ActiveX Controls' security mechanism should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls |
NaN |
CCE-836 |
NaN |
NaN |
approved_installation_sites_for_activex_controls |
oval:gov.nist.fdcc.vista:def:6695 |
NaN |
NaN |
NaN |
NaN |
| CCE-4086-5 |
The setup log maximum size should be configured correctly. |
(1) Size limit (KB) |
GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) |
NaN |
CCE-262 |
NaN |
NaN |
maximum_setup_log_size |
oval:gov.nist.fdcc.vista:def:19898 |
NaN |
NaN |
NaN |
NaN |
| CCE-4501-3 |
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services. |
NaN |
(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm |
NaN |
CCE-648 |
NaN |
NaN |
Do-not-allow-drive-redirection |
oval:gov.nist.fdcc.vista:def:6598 |
NaN |
NaN |
NaN |
NaN |
| CCE-4866-0 |
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services. |
(1) encryption level |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel |
NaN |
CCE-397 |
NaN |
NaN |
Set-client-connection-encryption-level |
oval:gov.nist.fdcc.vista:def:6600 |
NaN |
NaN |
NaN |
NaN |
| CCE-5007-0 |
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services. |
(1) Time Limit (minutes) |
1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime |
NaN |
CCE-920 |
NaN |
NaN |
set_timelimit_for_disconnected_sessions |
oval:gov.nist.fdcc.vista:def:6726 |
NaN |
NaN |
NaN |
NaN |
| CCE-4267-1 |
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services. |
(1) Time limit (minutes) |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime |
NaN |
CCE-123 |
NaN |
NaN |
set_timelimit_for_active_but_idle_terminal_services_sessions |
oval:gov.nist.fdcc.vista:def:6725 |
NaN |
NaN |
NaN |
NaN |
| CCE-4761-3 |
Computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender should be enabled or disabled as appropriate. |
(1) enabled, disabled, or not configured |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft Spynet Reporting |
NaN |
CCE-312 |
NaN |
NaN |
configure_ms_spynet_reporting |
oval:gov.nist.fdcc.vista:def:6727 |
NaN |
NaN |
NaN |
NaN |
| CCE-4915-5 |
The "Disable Logging" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging |
NaN |
CCE-959 |
NaN |
NaN |
disable_logging |
oval:gov.nist.fdcc.vista:def:6114 |
NaN |
NaN |
NaN |
NaN |
| CCE-5034-4 |
The "Disable Windows Error Reporting" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting |
NaN |
CCE-803 |
NaN |
NaN |
disable_windows_error_reporting |
oval:gov.nist.fdcc.vista:def:6115 |
NaN |
NaN |
NaN |
NaN |
| CCE-4919-7 |
The "Display Error Notification" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Settings: Computer Configuration\Administrative Templates\System\Error Reporting\Display Error Notification (2) Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error Notification |
NaN |
CCE-259 |
NaN |
NaN |
display_error_notification |
oval:gov.nist.fdcc.vista:def:3366994 |
NaN |
NaN |
NaN |
NaN |
| CCE-4089-9 |
The "Do not send additional data" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data |
NaN |
CCE-798 |
NaN |
NaN |
do_not_send_additional_data |
oval:gov.nist.fdcc.vista:def:6117 |
NaN |
NaN |
NaN |
NaN |
| CCE-4991-6 |
The "Set Safe for Scripting" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting\ |
NaN |
CCE-261 |
NaN |
NaN |
disable_ie_security_prompt_windows_installer_scripts |
oval:gov.nist.fdcc.vista:def:6120 |
NaN |
NaN |
NaN |
NaN |
| CCE-4629-2 |
The "Enable User Control Over Installs" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl |
NaN |
CCE-415 |
NaN |
NaN |
enable_user_control_over_installs |
oval:gov.nist.fdcc.vista:def:6121 |
NaN |
NaN |
NaN |
NaN |
| CCE-4405-7 |
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes |
NaN |
CCE-1140 |
NaN |
NaN |
do_not_show_first_use_dialog_boxes |
oval:gov.nist.fdcc.vista:def:612261221 |
NaN |
NaN |
NaN |
NaN |
| CCE-4898-3 |
The "Disable Media Player for automatic updates" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate |
NaN |
CCE-455 |
NaN |
NaN |
prevent_automatic_updates |
oval:gov.nist.fdcc.vista:def:612261222 |
NaN |
NaN |
NaN |
NaN |
| CCE-5052-6 |
The "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation |
NaN |
CCE-313 |
NaN |
NaN |
prevent_desktop_shortcut_creation |
oval:gov.nist.fdcc.vista:def:612261223 |
NaN |
NaN |
NaN |
NaN |
| CCE-4797-7 |
The "Do Not Automatically Start Windows Messenger" policy should be set correctly. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun |
NaN |
CCE-309 |
NaN |
NaN |
do_not_automatically_start_windows_messenger_initially |
oval:gov.nist.fdcc.vista:def:612261224 |
NaN |
NaN |
NaN |
NaN |
| CCE-4290-3 |
The "Password protect the screen saver" setting should be configured correctly for the current user. |
(1) enabled/disabled |
(1) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure |
NaN |
CCE-949 |
NaN |
NaN |
password_protect_the_screen_saver |
oval:gov.nist.fdcc.vista:def:6707 |
NaN |
NaN |
NaN |
NaN |
| CCE-5070-8 |
The "Prevent users from sharing files within their profile" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Network Sharing\Prevent users from sharing files within their profiles |
NaN |
CCE-1144 |
NaN |
NaN |
prevent_users_from_sharing_files_within_their_profile |
oval:gov.nist.fdcc.vista:def:6715 |
NaN |
NaN |
NaN |
NaN |
| CCE-4938-7 |
Auditing of "Account Management: Application Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-801 |
NaN |
NaN |
application-group-management |
oval:gov.nist.fdcc.vista:def:8001 |
NaN |
NaN |
NaN |
NaN |
| CCE-4700-1 |
Auditing of "Account Management: Application Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1016 |
NaN |
NaN |
application-group-management |
oval:gov.nist.fdcc.vista:def:8001 |
NaN |
NaN |
NaN |
NaN |
| CCE-4093-1 |
Auditing of "Account Management: Computer Account Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1070 |
NaN |
NaN |
computer-account-management |
oval:gov.nist.fdcc.vista:def:8002 |
NaN |
NaN |
NaN |
NaN |
| CCE-4228-3 |
Auditing of "Account Management: Computer Account Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-840 |
NaN |
NaN |
computer-account-management |
oval:gov.nist.fdcc.vista:def:8002 |
NaN |
NaN |
NaN |
NaN |
| CCE-4115-2 |
Auditing of "Account Management: Distribution Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-515 |
NaN |
NaN |
distribution-group-management |
oval:gov.nist.fdcc.vista:def:8003 |
NaN |
NaN |
NaN |
NaN |
| CCE-4140-0 |
Auditing of "Account Management: Distribution Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1048 |
NaN |
NaN |
distribution-group-management |
oval:gov.nist.fdcc.vista:def:8003 |
NaN |
NaN |
NaN |
NaN |
| CCE-4916-3 |
Auditing of "Account Management: Other Account Management Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-206 |
NaN |
NaN |
other-account-management-events |
oval:gov.nist.fdcc.vista:def:8004 |
NaN |
NaN |
NaN |
NaN |
| CCE-4783-7 |
Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1202 |
NaN |
NaN |
other-account-management-events |
oval:gov.nist.fdcc.vista:def:8004 |
NaN |
NaN |
NaN |
NaN |
| CCE-5048-4 |
Auditing of "Account Management: Security Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1118 |
NaN |
NaN |
security-group-management |
oval:gov.nist.fdcc.vista:def:8005 |
NaN |
NaN |
NaN |
NaN |
| CCE-4142-6 |
Auditing of "Account Management: Security Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-369 |
NaN |
NaN |
security-group-management |
oval:gov.nist.fdcc.vista:def:8005 |
NaN |
NaN |
NaN |
NaN |
| CCE-4833-0 |
Auditing of "Account Management: User Account Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1043 |
NaN |
NaN |
user-account-management |
oval:gov.nist.fdcc.vista:def:8006 |
NaN |
NaN |
NaN |
NaN |
| CCE-5097-1 |
Auditing of "Account Management: User Account Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-924 |
NaN |
NaN |
user-account-management |
oval:gov.nist.fdcc.vista:def:8006 |
NaN |
NaN |
NaN |
NaN |
| CCE-5000-5 |
Auditing of "Detailed Tracking: DPAPI Activity" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1413 |
NaN |
NaN |
dpapi-activity |
oval:gov.nist.fdcc.vista:def:8007 |
NaN |
NaN |
NaN |
NaN |
| CCE-4493-3 |
Auditing of "Detailed Tracking: DPAPI Activity" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-699 |
NaN |
NaN |
dpapi-activity |
oval:gov.nist.fdcc.vista:def:8007 |
NaN |
NaN |
NaN |
NaN |
| CCE-4166-5 |
Auditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-913 |
NaN |
NaN |
process-creation |
oval:gov.nist.fdcc.vista:def:8008 |
NaN |
NaN |
NaN |
NaN |
| CCE-5094-8 |
Auditing of "Detailed Tracking: Process Creation" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1079 |
NaN |
NaN |
process-creation |
oval:gov.nist.fdcc.vista:def:8008 |
NaN |
NaN |
NaN |
NaN |
| CCE-4869-4 |
Auditing of "Detailed Tracking: Process Termination" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-416 |
NaN |
NaN |
process-termination |
oval:gov.nist.fdcc.vista:def:8009 |
NaN |
NaN |
NaN |
NaN |
| CCE-4363-8 |
Auditing of "Detailed Tracking: Process Termination" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1250 |
NaN |
NaN |
process-termination |
oval:gov.nist.fdcc.vista:def:8009 |
NaN |
NaN |
NaN |
NaN |
| CCE-4891-8 |
Auditing of "Detailed Tracking: RPC Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1219 |
NaN |
NaN |
rpc-events |
oval:gov.nist.fdcc.vista:def:8010 |
NaN |
NaN |
NaN |
NaN |
| CCE-4759-7 |
Auditing of "Detailed Tracking: RPC Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1365 |
NaN |
NaN |
rpc-events |
oval:gov.nist.fdcc.vista:def:8010 |
NaN |
NaN |
NaN |
NaN |
| CCE-5023-7 |
Auditing of "DS Access: Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-207 |
NaN |
NaN |
detailed-directory-service-replication |
oval:gov.nist.fdcc.vista:def:8011 |
NaN |
NaN |
NaN |
NaN |
| CCE-4658-1 |
Auditing of "DS Access: Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1186 |
NaN |
NaN |
detailed-directory-service-replication |
oval:gov.nist.fdcc.vista:def:8011 |
NaN |
NaN |
NaN |
NaN |
| CCE-5028-6 |
Auditing of "DS Access: Directory Service Access" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1199 |
NaN |
NaN |
directory-service-access |
oval:gov.nist.fdcc.vista:def:8012 |
NaN |
NaN |
NaN |
NaN |
| CCE-4931-2 |
Auditing of "DS Access: Directory Service Access" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-459 |
NaN |
NaN |
directory-service-access |
oval:gov.nist.fdcc.vista:def:8012 |
NaN |
NaN |
NaN |
NaN |
| CCE-5067-4 |
Auditing of "DS Access: Directory Service Changes" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-317 |
NaN |
NaN |
directory-service-changes |
oval:gov.nist.fdcc.vista:def:8013 |
NaN |
NaN |
NaN |
NaN |
| CCE-4808-2 |
Auditing of "DS Access: Directory Service Changes" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-982 |
NaN |
NaN |
directory-service-changes |
oval:gov.nist.fdcc.vista:def:8013 |
NaN |
NaN |
NaN |
NaN |
| CCE-5089-8 |
Auditing of "DS Access: Directory Service Replication" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-881 |
NaN |
NaN |
directory-service-replication |
oval:gov.nist.fdcc.vista:def:8014 |
NaN |
NaN |
NaN |
NaN |
| CCE-4176-4 |
Auditing of "DS Access: Directory Service Replication" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-247 |
NaN |
NaN |
directory-service-replication |
oval:gov.nist.fdcc.vista:def:8014 |
NaN |
NaN |
NaN |
NaN |
| CCE-4342-2 |
Auditing of "Logon/Logoff: Account Lockout" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1264 |
NaN |
NaN |
account-lockout |
oval:gov.nist.fdcc.vista:def:8015 |
NaN |
NaN |
NaN |
NaN |
| CCE-4857-9 |
Auditing of "Logon/Logoff: Account Lockout" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1282 |
NaN |
NaN |
account-lockout |
oval:gov.nist.fdcc.vista:def:8015 |
NaN |
NaN |
NaN |
NaN |
| CCE-5011-2 |
Auditing of "Logon/Logoff: IPsec Extended Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1028 |
NaN |
NaN |
ipsec-extended-mode |
oval:gov.nist.fdcc.vista:def:8016 |
NaN |
NaN |
NaN |
NaN |
| CCE-4505-4 |
Auditing of "Logon/Logoff: IPsec Extended Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-362 |
NaN |
NaN |
ipsec-extended-mode |
oval:gov.nist.fdcc.vista:def:8016 |
NaN |
NaN |
NaN |
NaN |
| CCE-5016-1 |
Auditing of "Logon/Logoff: IPsec Main Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1207 |
NaN |
NaN |
ipsec-main-mode |
oval:gov.nist.fdcc.vista:def:8017 |
NaN |
NaN |
NaN |
NaN |
| CCE-4650-8 |
Auditing of "Logon/Logoff: IPsec Main Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-351 |
NaN |
NaN |
ipsec-main-mode |
oval:gov.nist.fdcc.vista:def:8017 |
NaN |
NaN |
NaN |
NaN |
| CCE-5038-5 |
Auditing of "Logon/Logoff: IPsec Quick Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1257 |
NaN |
NaN |
ipsec-quick-mode |
oval:gov.nist.fdcc.vista:def:8018 |
NaN |
NaN |
NaN |
NaN |
| CCE-4928-8 |
Auditing of "Logon/Logoff: IPsec Quick Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1274 |
NaN |
NaN |
ipsec-quick-mode |
oval:gov.nist.fdcc.vista:def:8018 |
NaN |
NaN |
NaN |
NaN |
| CCE-4703-5 |
Auditing of "Logon/Logoff: Logoff" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-493 |
NaN |
NaN |
logoff |
oval:gov.nist.fdcc.vista:def:8019 |
NaN |
NaN |
NaN |
NaN |
| CCE-4183-0 |
Auditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-996 |
NaN |
NaN |
logoff |
oval:gov.nist.fdcc.vista:def:8019 |
NaN |
NaN |
NaN |
NaN |
| CCE-5018-7 |
Auditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1284 |
NaN |
NaN |
logon |
oval:gov.nist.fdcc.vista:def:8020 |
NaN |
NaN |
NaN |
NaN |
| CCE-4423-0 |
Auditing of "Logon/Logoff: Logon" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1097 |
NaN |
NaN |
logon |
oval:gov.nist.fdcc.vista:def:8020 |
NaN |
NaN |
NaN |
NaN |
| CCE-5163-1 |
Auditing of "Logon/Logoff: Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-378 |
NaN |
NaN |
other-logon-logoff-events |
oval:gov.nist.fdcc.vista:def:8021 |
NaN |
NaN |
NaN |
NaN |
| CCE-5066-6 |
Auditing of "Logon/Logoff: Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1208 |
NaN |
NaN |
other-logon-logoff-events |
oval:gov.nist.fdcc.vista:def:8021 |
NaN |
NaN |
NaN |
NaN |
| CCE-4956-9 |
Auditing of "Logon/Logoff: Special Logon" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-371 |
NaN |
NaN |
special-logon |
oval:gov.nist.fdcc.vista:def:8022 |
NaN |
NaN |
NaN |
NaN |
| CCE-4824-9 |
Auditing of "Logon/Logoff: Special Logon" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1038 |
NaN |
NaN |
special-logon |
oval:gov.nist.fdcc.vista:def:8022 |
NaN |
NaN |
NaN |
NaN |
| CCE-5084-9 |
Auditing of "Object Access: Application Generated" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1322 |
NaN |
NaN |
application-generated |
oval:gov.nist.fdcc.vista:def:8023 |
NaN |
NaN |
NaN |
NaN |
| CCE-4829-8 |
Auditing of "Object Access: Application Generated" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-379 |
NaN |
NaN |
application-generated |
oval:gov.nist.fdcc.vista:def:8023 |
NaN |
NaN |
NaN |
NaN |
| CCE-4714-2 |
Auditing of "Object Access: Certification Services" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1345 |
NaN |
NaN |
certification-services |
oval:gov.nist.fdcc.vista:def:8024 |
NaN |
NaN |
NaN |
NaN |
| CCE-4868-6 |
Auditing of "Object Access: Certification Services" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1261 |
NaN |
NaN |
certification-services |
oval:gov.nist.fdcc.vista:def:8024 |
NaN |
NaN |
NaN |
NaN |
| CCE-4200-2 |
Auditing of "Object Access: File Share" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1372 |
NaN |
NaN |
file-share |
oval:gov.nist.fdcc.vista:def:8025 |
NaN |
NaN |
NaN |
NaN |
| CCE-5145-8 |
Auditing of "Object Access: File Share" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1033 |
NaN |
NaN |
file-share |
oval:gov.nist.fdcc.vista:def:8025 |
NaN |
NaN |
NaN |
NaN |
| CCE-4921-3 |
Auditing of "Object Access: File System" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1085 |
NaN |
NaN |
file-system |
oval:gov.nist.fdcc.vista:def:8026 |
NaN |
NaN |
NaN |
NaN |
| CCE-5039-3 |
Auditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1340 |
NaN |
NaN |
file-system |
oval:gov.nist.fdcc.vista:def:8026 |
NaN |
NaN |
NaN |
NaN |
| CCE-4568-2 |
Auditing of "Object Access: Filtering Platform Connection" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-717 |
NaN |
NaN |
filtering-platform-connection |
oval:gov.nist.fdcc.vista:def:8027 |
NaN |
NaN |
NaN |
NaN |
| CCE-5079-9 |
Auditing of "Object Access: Filtering Platform Connection" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-744 |
NaN |
NaN |
filtering-platform-connection |
oval:gov.nist.fdcc.vista:def:8027 |
NaN |
NaN |
NaN |
NaN |
| CCE-4947-8 |
Auditing of "Object Access: Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-385 |
NaN |
NaN |
filtering-platform-packet-drop |
oval:gov.nist.fdcc.vista:def:8028 |
NaN |
NaN |
NaN |
NaN |
| CCE-4335-6 |
Auditing of "Object Access: Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-589 |
NaN |
NaN |
filtering-platform-packet-drop |
oval:gov.nist.fdcc.vista:def:8028 |
NaN |
NaN |
NaN |
NaN |
| CCE-4828-0 |
Auditing of "Object Access: Handle Manipulation" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1363 |
NaN |
NaN |
handle-manipulation |
oval:gov.nist.fdcc.vista:def:8029 |
NaN |
NaN |
NaN |
NaN |
| CCE-4965-0 |
Auditing of "Object Access: Handle Manipulation" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1244 |
NaN |
NaN |
handle-manipulation |
oval:gov.nist.fdcc.vista:def:8029 |
NaN |
NaN |
NaN |
NaN |
| CCE-4996-5 |
Auditing of "Object Access: Kernel Object" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1288 |
NaN |
NaN |
kernel-object |
oval:gov.nist.fdcc.vista:def:8030 |
NaN |
NaN |
NaN |
NaN |
| CCE-4885-0 |
Auditing of "Object Access: Kernel Object" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1305 |
NaN |
NaN |
kernel-object |
oval:gov.nist.fdcc.vista:def:8030 |
NaN |
NaN |
NaN |
NaN |
| CCE-5132-6 |
Auditing of "Object Access: Other Object Access Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-642 |
NaN |
NaN |
other-object-access-events |
oval:gov.nist.fdcc.vista:def:8031 |
NaN |
NaN |
NaN |
NaN |
| CCE-4691-2 |
Auditing of "Object Access: Other Object Access Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1026 |
NaN |
NaN |
other-object-access-events |
oval:gov.nist.fdcc.vista:def:8031 |
NaN |
NaN |
NaN |
NaN |
| CCE-4594-8 |
Auditing of "Object Access: Registry" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1138 |
NaN |
NaN |
registry |
oval:gov.nist.fdcc.vista:def:8032 |
NaN |
NaN |
NaN |
NaN |
| CCE-5087-2 |
Auditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1283 |
NaN |
NaN |
registry |
oval:gov.nist.fdcc.vista:def:8032 |
NaN |
NaN |
NaN |
NaN |
| CCE-4616-9 |
Auditing of "Object Access: SAM" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-446 |
NaN |
NaN |
sam |
oval:gov.nist.fdcc.vista:def:8033 |
NaN |
NaN |
NaN |
NaN |
| CCE-4982-5 |
Auditing of "Object Access: SAM" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-451 |
NaN |
NaN |
sam |
oval:gov.nist.fdcc.vista:def:8033 |
NaN |
NaN |
NaN |
NaN |
| CCE-4201-0 |
Auditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1110 |
NaN |
NaN |
policy_change_audit |
oval:gov.nist.fdcc.vista:def:8034 |
NaN |
NaN |
NaN |
NaN |
| CCE-5137-5 |
Auditing of "Policy Change: Audit Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-991 |
NaN |
NaN |
policy_change_audit |
oval:gov.nist.fdcc.vista:def:8034 |
NaN |
NaN |
NaN |
NaN |
| CCE-4877-7 |
Auditing of "Policy Change: Authentication Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-388 |
NaN |
NaN |
authentication-policy-change |
oval:gov.nist.fdcc.vista:def:8035 |
NaN |
NaN |
NaN |
NaN |
| CCE-4516-1 |
Auditing of "Policy Change: Authentication Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-180 |
NaN |
NaN |
authentication-policy-change |
oval:gov.nist.fdcc.vista:def:8035 |
NaN |
NaN |
NaN |
NaN |
| CCE-5172-2 |
Auditing of "Policy Change: Authorization Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-187 |
NaN |
NaN |
authorization-policy-change |
oval:gov.nist.fdcc.vista:def:8036 |
NaN |
NaN |
NaN |
NaN |
| CCE-5058-3 |
Auditing of "Policy Change: Authorization Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-448 |
NaN |
NaN |
authorization-policy-change |
oval:gov.nist.fdcc.vista:def:8036 |
NaN |
NaN |
NaN |
NaN |
| CCE-5177-1 |
Auditing of "Policy Change: Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1042 |
NaN |
NaN |
filtering-platform-policy-change |
oval:gov.nist.fdcc.vista:def:8037 |
NaN |
NaN |
NaN |
NaN |
| CCE-4939-5 |
Auditing of "Policy Change: Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1112 |
NaN |
NaN |
filtering-platform-policy-change |
oval:gov.nist.fdcc.vista:def:8037 |
NaN |
NaN |
NaN |
NaN |
| CCE-5181-3 |
Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-203 |
NaN |
NaN |
mpssvc-rule-level-policy-change |
oval:gov.nist.fdcc.vista:def:8038 |
NaN |
NaN |
NaN |
NaN |
| CCE-4204-4 |
Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-879 |
NaN |
NaN |
mpssvc-rule-level-policy-change |
oval:gov.nist.fdcc.vista:def:8038 |
NaN |
NaN |
NaN |
NaN |
| CCE-4479-2 |
Auditing of "Policy Change: Other Policy Change Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-205 |
NaN |
NaN |
other-policy-change-events |
oval:gov.nist.fdcc.vista:def:8039 |
NaN |
NaN |
NaN |
NaN |
| CCE-4995-7 |
Auditing of "Policy Change: Other Policy Change Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-787 |
NaN |
NaN |
other-policy-change-events |
oval:gov.nist.fdcc.vista:def:8039 |
NaN |
NaN |
NaN |
NaN |
| CCE-5114-4 |
Auditing of "Privilege Use: Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-391 |
NaN |
NaN |
non-sensitive-privilege-use |
oval:gov.nist.fdcc.vista:def:8040 |
NaN |
NaN |
NaN |
NaN |
| CCE-4990-8 |
Auditing of "Privilege Use: Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-404 |
NaN |
NaN |
non-sensitive-privilege-use |
oval:gov.nist.fdcc.vista:def:8040 |
NaN |
NaN |
NaN |
NaN |
| CCE-5131-8 |
Auditing of "Privilege Use: Other Privilege Use Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1203 |
NaN |
NaN |
other-privilege-use-events |
oval:gov.nist.fdcc.vista:def:8041 |
NaN |
NaN |
NaN |
NaN |
| CCE-4205-1 |
Auditing of "Privilege Use: Privilege Use: Other Privilege Use Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-406 |
NaN |
NaN |
other-privilege-use-events |
oval:gov.nist.fdcc.vista:def:8041 |
NaN |
NaN |
NaN |
NaN |
| CCE-4300-0 |
Auditing of "Privilege Use: Sensitive Privilege Use" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-488 |
NaN |
NaN |
sensitive-privilege-use |
oval:gov.nist.fdcc.vista:def:8042 |
NaN |
NaN |
NaN |
NaN |
| CCE-4734-0 |
Auditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1258 |
NaN |
NaN |
sensitive-privilege-use |
oval:gov.nist.fdcc.vista:def:8042 |
NaN |
NaN |
NaN |
NaN |
| CCE-4976-7 |
Auditing of "System: Ipsec Driver" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1177 |
NaN |
NaN |
ipsec-driver |
oval:gov.nist.fdcc.vista:def:8043 |
NaN |
NaN |
NaN |
NaN |
| CCE-4879-3 |
Auditing of "System: Ipsec Driver" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1314 |
NaN |
NaN |
ipsec-driver |
oval:gov.nist.fdcc.vista:def:8043 |
NaN |
NaN |
NaN |
NaN |
| CCE-4998-1 |
Auditing of "System: Other System Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1332 |
NaN |
NaN |
other-system-events |
oval:gov.nist.fdcc.vista:def:8044 |
NaN |
NaN |
NaN |
NaN |
| CCE-4883-5 |
Auditing of "System: Other System Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-337 |
NaN |
NaN |
other-system-events |
oval:gov.nist.fdcc.vista:def:8044 |
NaN |
NaN |
NaN |
NaN |
| CCE-4535-1 |
Auditing of "System: Security State Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1121 |
NaN |
NaN |
security-state-change |
oval:gov.nist.fdcc.vista:def:8045 |
NaN |
NaN |
NaN |
NaN |
| CCE-5157-3 |
Auditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1139 |
NaN |
NaN |
security-state-change |
oval:gov.nist.fdcc.vista:def:8045 |
NaN |
NaN |
NaN |
NaN |
| CCE-5170-6 |
Auditing of "System: Security System Extension" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1270 |
NaN |
NaN |
security-system-extension |
oval:gov.nist.fdcc.vista:def:8046 |
NaN |
NaN |
NaN |
NaN |
| CCE-4910-6 |
Auditing of "System: Security System Extension" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-1102 |
NaN |
NaN |
security-system-extension |
oval:gov.nist.fdcc.vista:def:8046 |
NaN |
NaN |
NaN |
NaN |
| CCE-5047-6 |
Auditing of "System: System Integrity" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-856 |
NaN |
NaN |
system-integrity |
oval:gov.nist.fdcc.vista:def:8047 |
NaN |
NaN |
NaN |
NaN |
| CCE-4822-3 |
Auditing of "System: System Integrity" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
CCE-336 |
NaN |
NaN |
system-integrity |
oval:gov.nist.fdcc.vista:def:8047 |
NaN |
NaN |
NaN |
NaN |
| CCE-4941-1 |
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Domain Profile. |
(1) yes/no/not configured |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Firewall settings\Display a notification |
NaN |
CCE-1047 |
NaN |
NaN |
NaN |
NaN |
domain_profile_display_notification |
oval:gov.nist.fdcc.vistafirewall:def:6518 |
NaN |
NaN |
| CCE-4597-1 |
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log Dropped Packets |
NaN |
CCE-325 |
NaN |
NaN |
NaN |
NaN |
private_profile_log_dropped_packets |
oval:gov.nist.fdcc.vistafirewall:def:6411 |
NaN |
NaN |
| CCE-4963-5 |
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile. |
(1) enable/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Logged successful connections |
NaN |
CCE-327 |
NaN |
NaN |
NaN |
NaN |
private_profile_logged_successful_connections |
oval:gov.nist.fdcc.vistafirewall:def:6412 |
NaN |
NaN |
| CCE-4206-9 |
The log file path and name for the Windows Firewall should be configured correctly for the Private Profile. |
(1) File path |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Name |
NaN |
CCE-999 |
NaN |
NaN |
NaN |
NaN |
private_profile_name |
oval:gov.nist.fdcc.vistafirewall:def:6413 |
NaN |
NaN |
| CCE-4207-7 |
The log file size limit for the Windows Firewall should be configured correctly for the Private Profile. |
(1) Size limit (KB) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Size limit (KB) |
NaN |
CCE-1091 |
NaN |
NaN |
NaN |
NaN |
private_profile_size_limit |
oval:gov.nist.fdcc.vistafirewall:def:6414 |
NaN |
NaN |
| CCE-4507-0 |
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log Dropped Packets |
NaN |
CCE-1165 |
NaN |
NaN |
NaN |
NaN |
public_profile_log_dropped_packets |
oval:gov.nist.fdcc.vistafirewall:def:6421 |
NaN |
NaN |
| CCE-5128-4 |
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile. |
(1) enable/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Logged successful connections |
NaN |
CCE-534 |
NaN |
NaN |
NaN |
NaN |
public_profile_logged_successful_connections |
oval:gov.nist.fdcc.vistafirewall:def:6422 |
NaN |
NaN |
| CCE-4639-1 |
The log file path and name for the Windows Firewall should be configured correctly for the Public Profile. |
(1) File path |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Name |
NaN |
CCE-1263 |
NaN |
NaN |
NaN |
NaN |
public_profile_name |
oval:gov.nist.fdcc.vistafirewall:def:6423 |
NaN |
NaN |
| CCE-4278-8 |
The log file size limit for the Windows Firewall should be configured correctly for the Public Profile. |
(1) Size limit (KB) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Size limit (KB) |
NaN |
CCE-1313 |
NaN |
NaN |
NaN |
NaN |
public_profile_size_limit |
oval:gov.nist.fdcc.vistafirewall:def:6424 |
NaN |
NaN |
| CCE-5146-6 |
The ISATAP tunneling protocol for IPv6 should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisableComponents |
NaN |
CCE-1227 |
NaN |
NaN |
disable_isatap_teredo_6to4_tunneling_protocols |
oval:gov.nist.fdcc.vista:def:6566666 |
NaN |
NaN |
NaN |
NaN |
| CCE-5036-9 |
The 6to4 tunneling protocol for IPv6 should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisableComponents |
NaN |
CCE-1036 |
NaN |
NaN |
disable_isatap_teredo_6to4_tunneling_protocols |
oval:gov.nist.fdcc.vista:def:6566666 |
NaN |
NaN |
NaN |
NaN |
| CCE-4811-6 |
The Teredo tunneling protocol for IPv6 should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisableComponents |
NaN |
CCE-1148 |
NaN |
NaN |
disable_isatap_teredo_6to4_tunneling_protocols |
oval:gov.nist.fdcc.vista:def:6566666 |
NaN |
NaN |
NaN |
NaN |
| CCE-5239-9 |
The "Turn off Help Experience Improvement Program" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help Experience Improvement Program |
NaN |
CCE-174 |
NaN |
NaN |
turn_off_help_experience_improvement_program |
oval:gov.nist.fdcc.vista:def:8091 |
NaN |
NaN |
NaN |
NaN |
| CCE-4851-2 |
The "Turn off Help Ratings" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help Ratings |
NaN |
CCE-1109 |
NaN |
NaN |
turn_off_help_ratings |
oval:gov.nist.fdcc.vista:def:8090 |
NaN |
NaN |
NaN |
NaN |
| CCE-4294-5 |
The "Create Symbolic Links" user right should be assigned to the appropriate accounts. |
(1) list of accounts |
(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create Symbolic Links |
NaN |
CCE-1176 |
NaN |
NaN |
TBD |
TBD |
NaN |
NaN |
NaN |
NaN |
| CCE-5043-5 |
The screen saver should be enabled or disabled as appropriate for the current user. |
(1) enabled/disabled |
(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverActive (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-5264-7 |
The "Screen Saver Executable Name" setting should be configured correctly for the current user. |
(1) filename of the screensaver executable |
(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Executable Name (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE (3) HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-5101-1 |
IP Source Routing should be properly configured for IPv6. |
(1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-4271-3 |
The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly. |
(1) Numeric value |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-4467-7 |
The "User Account Control: Allow UIAccess applications to prompt for elevation" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation (2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7716-4 |
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. |
(1) number of seconds |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod |
NaN |
NaN |
screen-saver-grace-period |
oval:com.secure-elements.oval:def:6065 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8458-2 |
The "Access credential Manager as a trusted caller" user right should be assigned to the correct accounts. |
(1) Set of accounts |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access credential Manager as a trusted caller |
NaN |
CCE-389 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7615-8 |
The "add workstations to domain" user right should be assigned to the correct accounts. |
(1) Set of accounts |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to domain |
NaN |
CCE-183 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8404-6 |
The default behavior for AutoRun should be properly configured. |
(1) Enabled: Do not execute any autorun commands Enabled: Automatically execute autorun commands Disabled |
(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutoRun (2) Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies\Default behavior for AutoRun |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8387-3 |
The "Unsigned Driver Installation Behavior" policy should be set correctly. |
(1) Silently succeed | Warn but allow installation | Do not allow installation |
(1) HKLM\Software\Microsoft\Driver Signing\Policy (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior |
NaN |
CCE-413 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8501-9 |
The "Do Not Allow Windows Messenger to be Run" policy should be set correctly. |
(1) enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRun (2) Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be run |
NaN |
CCE-802 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8342-8 |
The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. |
(1) enabled/disabled |
(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel (2)Computer Configuration\Windows Settings\Local Policies\Security Options\Secure Channel: Digitally Encrypt Secure Channel Data (When Possible) |
NaN |
CCE-601 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8095-2 |
The Autoplay policy "Don't set the always do this checkbox" should be configured correctly. |
(1) enabled/disabled |
(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontSetAutoplayCheckbox (2) Computer Configuration\Adminsitrative Templates\Windows Components\Autoplay Policies\Don't set the always do this checkbox |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8034-1 |
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. |
(1) set of accounts |
(1) Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation |
NaN |
CCE-15 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8250-3 |
Automatic Reboot After System Crash should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) |
NaN |
CCE-137 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8547-2 |
Administrative Shares should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) |
NaN |
CCE-512 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8389-9 |
Disable saving of dial-up passwords should be properly configured. |
(1) enabled/disabled |
(1) HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword (2)Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended) |
NaN |
CCE-156 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8608-2 |
CD Burning features in Windows Explorer should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoCDBurning (2) User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove CD Burning features |
NaN |
CCE-113 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7952-5 |
The "Remove Security tab" setting should be configured correctly. |
(1) enabled/disabled |
(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tab |
NaN |
CCE-1022 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7624-0 |
The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProtection (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer |
NaN |
CCE-647 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7621-6 |
The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured properly. |
(1) enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies |
NaN |
CCE-572 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8470-7 |
The Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Allow ICMP exceptions |
NaN |
CCE-277 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-7629-9 |
The Windows Firewall "Define inbound program exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. |
(1) enabled/disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define inbound program exceptions |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8516-7 |
The Windows Firewall inbound program exceptions list should be set appropriately for the Domain Profile. |
(1) List of programs |
(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define inbound program exceptions |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-8188-5 |
The Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Standard Profile. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Standard Profile\Allow ICMP exceptions |
NaN |
CCE-797 |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
| CCE-18588-4 |
The 'Audit Credential Validation' setting should be configured correctly. |
No auditing/Success/Failure/Success and Failure |
(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential Validation |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Audit_Credential_Validation |
oval:gov.nist.usgcb.vista:def:20037 |
| CCE-18891-2 |
The Windows Vista 'Games' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\Games (2) %Program Files%\Microsoft Games |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
games |
oval:gov.nist.usgcb.vista:def:20000 |
| CCE-18279-0 |
The Windows Vista 'Internet Information Services' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\Internet Information Services (2) HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayName |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Internet_Information_Services |
oval:gov.nist.usgcb.vista:def:20001 |
| CCE-18624-7 |
The Windows Vista 'SimpleTCP Services' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\SimpleTCP Services (2) HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayName |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Simple_TCPIP_Services |
oval:gov.nist.usgcb.vista:def:20002 |
| CCE-18129-7 |
The Windows Vista 'Telnet Client' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Client (2) %windir%\system32\telnet.exe |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Telnet_Client |
oval:gov.nist.usgcb.vista:def:20003 |
| CCE-18284-0 |
The Windows Vista 'Telnet Server' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Server (2) HKLM\SYSTEM\CurrentControlSet\Services\tlntsvr |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Telnet_Server |
oval:gov.nist.usgcb.vista:def:20004 |
| CCE-18700-5 |
The Windows Vista 'TFTP Client' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\TFTP Client (2) %windir%\system32\tftp.exe |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
TFTP_Client |
oval:gov.nist.usgcb.vista:def:20005 |
| CCE-18689-0 |
The Windows Vista 'Windows Media Center' feature should be turned on or off as appropriate. |
on/off |
(1) Control Panel\Programs and Features\Turn Windows features on or off\Windows Media Center (2) %windir%\ehome\ehshell.exe |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Windows_Media_Center |
oval:gov.nist.usgcb.vista:def:20006 |
| CCE-18320-2 |
The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly. |
(1) Enabled\Not Enabled (2) Allow the connection\Allow the connection if it is secure(Allow the connection if it is authenticated and integrity-protected\Require the connection to be encrypted\Allow the computers to dynamically negotiate encryption\Allow the connection to use null encapsulation\Override block rules)\Block the connection (3) List of authorized computers (4) List of computer exceptions (5) List of local IP address that limit the scope (6) List of remote IP address that limit the scope (7) Profiles: Domain\Private\Public (8) All interface types\These interface types (Local area network/Remote access\Wireless) (9) Block edge traversal\Allow edge traversal\Defer to user\Defer to application (10) List of authorized users (11) List of user exceptions |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\CoreNet-DHCP-In!v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000| (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules\Core Networking - Dynamic Host Configuration Protocol (DHCP-In) |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
domain_profile_Core_Networking_DHCP_In |
oval:gov.nist.USGCB.vistafirewall:def:20940 |
| CCE-18987-8 |
The 'Turn off game updates' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions (2) Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
turn_off_game_updates |
oval:gov.nist.usgcb.windowsvista:def:100010 |
| CCE-18388-9 |
The 'Enable/Disable PerfTrack' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled (2) Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
enable_disable_perftrack |
oval:gov.nist.usgcb.windowsvista:def:100066 |
| CCE-18220-4 |
DEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy is used to set those options.] |
Not configured\Enabled \Disabled |
(1) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18356-6 |
The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly. |
None (0) / Primary Domain Controllers only (1) / All (2) |
(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!CrossSiteSyncFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18589-2 |
The 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly. |
No events (0) / Time jump events (1) / Time source change events (2) / Both time jump and time source change events (3) |
(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!EventLogFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18626-2 |
The 'Configure Windows NTP Client\NtpServer' option should be configured correctly. |
DNS name or IP address of an NTP time source |
(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18386-3 |
The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly. |
maximum number of DNS resolution attempts by W32time, with the delay period doubling between each attempt, before the resolution process is restarted (0 to 9999) |
(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMaxTimes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18324-4 |
The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly. |
number of minutes (between 0 and 9999) |
(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMinutes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18594-2 |
The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly. |
number of seconds (between 0 and 4294967295) |
(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!SpecialPollInterval (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18115-6 |
The 'Configure Windows NTP Client\Type' option should be configured correctly. |
NoSync\NTP\NT5DS\AllSync |
(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!Type (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
configure_windows_ntp_client |
oval:gov.nist.usgcb.vista:def:100215 |
| CCE-18938-1 |
The 'Specify the System Hibernate Timeout (On Battery)' setting should be configured correctly. |
number of seconds seconds (0 to 4294967295) |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\DCSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (On Battery) |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Specify_the_System_Hibernate_Timeout_On_Battery |
oval:gov.nist.usgcb.vista:def:20020 |
| CCE-18358-2 |
The 'Specify the System Hibernate Timeout (Plugged In)' setting should be configured correctly. |
number of seconds seconds (0 to 4294967295) |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\ACSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (Plugged In) |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Specify_the_System_Hibernate_Timeout_Plugged_in |
oval:gov.nist.usgcb.vista:def:20021 |
| CCE-18686-6 |
The 'Turn off the Display (On Battery)' setting should be configured correctly. |
number of seconds seconds (0 to 4294967295) |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (On Battery) |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Turn_off_the_Display_On_Battery |
oval:gov.nist.usgcb.vista:def:20022 |
| CCE-18303-8 |
The 'Turn off the Display (Plugged In)' setting should be configured correctly. |
number of seconds seconds (0 to 4294967295) |
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (Plugged In) |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
Turn_off_the_Display_Plugged_In |
oval:gov.nist.usgcb.vista:def:20023 |
| CCE-18881-3 |
The 'Extend Point and Print connection to search Windows Update' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate (2) Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Update |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
extend_point_and_print_connection_to_search_windows_update_and_use_alternate_connection_if_needed |
oval:gov.nist.usgcb.windowsvista:def:100035 |
| CCE-18715-3 |
The 'Allow users to connect remotely using Terminal Services' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Allow users to connect remotely using Terminal Services |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
allow_users_to_connect_remotely_using_remote_desktop_services |
oval:gov.nist.usgcb.vista:def:20020 |
| CCE-18414-3 |
The 'Do not delete temp folder upon exit' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not delete temp folder upon exit |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
do_not_delete_temp_folders_upon_exit |
oval:gov.nist.usgcb.vista:def:100013 |
| CCE-18913-4 |
The 'Do not use temporary folders per session' setting should be configured correctly. |
enabled/disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not use temporary folders per session |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
NaN |
do_not_use_temporary_folders_per_session |
oval:gov.nist.usgcb.vista:def:100014 |