| NaN |
Version: 5.20120314 |
NaN |
NaN |
NaN |
NaN |
| CCE ID |
CCE Description |
CCE Parameters |
CCE Technical Mechanisms |
NaN |
Windows Server 2008 Security Guide Spreadsheet (Windows Server 2008 Security Guide Settings.xls) |
| CCE-1841-6 |
Auditing of "Security System Extension" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Security System Extension |
| CCE-2348-1 |
Auditing of "System Integrity" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / System Integrity |
| CCE-2608-8 |
Auditing of "IPsec Driver" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / IPsec Driver |
| CCE-2022-2 |
Auditing of "Other System Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Other System Events |
| CCE-2414-1 |
Auditing of "Security State Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Security State Change |
| CCE-2441-4 |
Auditing of "Logon" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Logon |
| CCE-2569-2 |
Auditing of "Logoff" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Logoff |
| CCE-2110-5 |
Auditing of "Account Lockout" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Account Lockout |
| CCE-2260-8 |
Auditing of "IPsec Main Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Main Mode |
| CCE-2064-4 |
Auditing of "IPsec Quick Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Quick Mode |
| CCE-2350-7 |
Auditing of "IPsec Extended Mode" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Extended Mode |
| CCE-2610-4 |
Auditing of "Special Logon" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Special Logon |
| CCE-2615-3 |
Auditing of "Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Other Logon/Logoff Events |
| CCE-2373-9 |
Auditing of "Network Policy Server" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Network Policy Server |
| CCE-2531-2 |
Auditing of "File System" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / File System |
| CCE-2553-6 |
Auditing of "Registry" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Registry |
| CCE-2417-4 |
Auditing of "Kernel Object" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Kernel Object |
| CCE-2465-3 |
Auditing of "SAM" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / SAM |
| CCE-2095-8 |
Auditing of "Certification Services" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Certification Services |
| CCE-2368-9 |
Auditing of "Application Generated" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Application Generated |
| CCE-2408-3 |
Auditing of "Handle Manipulation" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Handle Manipulation |
| CCE-2601-3 |
Auditing of "File Share" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / File Share |
| CCE-2482-8 |
Auditing of "Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Filtering Platform Packet Drop |
| CCE-2504-9 |
Auditing of "Filtering Platform Connection" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Filtering Platform Connection |
| CCE-2033-9 |
Auditing of "Other Object Access Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Other Object Access Events |
| CCE-2205-3 |
Auditing of "Sensitive Privilege Use" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Sensitive Privilege Use |
| CCE-2104-8 |
Auditing of "Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Non Sensitive Privilege Use |
| CCE-2386-1 |
Auditing of "Other Privilege Use Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Other Privilege Use Events |
| CCE-2518-9 |
Auditing of "Process Termination" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / Process Termination |
| CCE-2522-1 |
Auditing of "DPAPI Activity" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / DPAPI Activity |
| CCE-2544-5 |
Auditing of "RPC Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / RPC Events |
| CCE-2002-4 |
Auditing of "Process Creation" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / Process Creation |
| CCE-2433-1 |
Auditing of "Audit Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Audit Policy Change |
| CCE-2566-8 |
Auditing of "Authentication Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Authentication Policy Change |
| CCE-2570-0 |
Auditing of "Authorization Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Authorization Policy Change |
| CCE-2464-6 |
Auditing of "MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / MPSSVC Rule-Level Policy Change |
| CCE-2614-6 |
Auditing of "Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Filtering Platform Policy Change |
| CCE-2385-3 |
Auditing of "Other Policy Change Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Other Policy Change Events |
| CCE-2394-5 |
Auditing of "User Account Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / User Account Management |
| CCE-2288-9 |
Auditing of "Computer Account Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Computer Account Management |
| CCE-2443-0 |
Auditing of "Security Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Security Group Management |
| CCE-1642-8 |
Auditing of "Distribution Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Distribution Group Management |
| CCE-2468-7 |
Auditing of "Application Group Management" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Application Group Management |
| CCE-2485-1 |
Auditing of "Other Account Management Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Other Account Management Events |
| CCE-2367-1 |
Auditing of "Directory Service Access" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Access |
| CCE-2635-1 |
Auditing of "Directory Service Changes" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Changes |
| CCE-2534-6 |
Auditing of "Directory Service Replication" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Replication |
| CCE-2556-9 |
Auditing of "Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Detailed Directory Service Replication |
| CCE-2586-6 |
Auditing of "Kerberos Authentication Service" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Kerberos Authentication Service |
| CCE-2463-8 |
Auditing of " Credential Validation" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Credential Validation |
| CCE-2405-9 |
Auditing of "Kerberos Service Ticket Operations" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Kerberos Service Ticket Operations |
| CCE-1678-2 |
Auditing of "Other Account Logon Events" events on success should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Other Account Logon Events |
| CCE-2545-2 |
Auditing of "Security System Extension" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Security System Extension |
| CCE-2440-6 |
Auditing of "System Integrity" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / System Integrity |
| CCE-2351-5 |
Auditing of "IPsec Driver" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / IPsec Driver |
| CCE-2193-1 |
Auditing of "Other System Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Other System Events |
| CCE-2448-9 |
Auditing of "Security State Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
System / Security State Change |
| CCE-2470-3 |
Auditing of "Logon" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Logon |
| CCE-2616-1 |
Auditing of "Logoff" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Logoff |
| CCE-1889-5 |
Auditing of "Account Lockout" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Account Lockout |
| CCE-2409-1 |
Auditing of "IPsec Main Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Main Mode |
| CCE-2536-1 |
Auditing of "IPsec Quick Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Quick Mode |
| CCE-2267-3 |
Auditing of "IPsec Extended Mode" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / IPsec Extended Mode |
| CCE-2558-5 |
Auditing of "Special Logon" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Special Logon |
| CCE-1968-7 |
Auditing of "Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Other Logon/Logoff Events |
| CCE-2575-9 |
Auditing of "Network Policy Server" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Logon/Logoff / Network Policy Server |
| CCE-2488-5 |
Auditing of "File System" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / File System |
| CCE-2505-6 |
Auditing of "Registry" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Registry |
| CCE-2195-6 |
Auditing of "Kernel Object" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Kernel Object |
| CCE-1961-2 |
Auditing of "SAM" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / SAM |
| CCE-2358-0 |
Auditing of "Certification Services" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Certification Services |
| CCE-2622-9 |
Auditing of "Application Generated" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Application Generated |
| CCE-2503-1 |
Auditing of "Handle Manipulation" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Handle Manipulation |
| CCE-2402-6 |
Auditing of "File Share" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / File Share |
| CCE-2292-1 |
Auditing of "Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Filtering Platform Packet Drop |
| CCE-2437-2 |
Auditing of "Filtering Platform Connection" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Filtering Platform Connection |
| CCE-2583-3 |
Auditing of "Other Object Access Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Object Access / Other Object Access Events |
| CCE-2349-9 |
Auditing of "Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Sensitive Privilege Use |
| CCE-2605-4 |
Auditing of "Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Non Sensitive Privilege Use |
| CCE-2371-3 |
Auditing of "Other Privilege Use Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Privilege Use / Other Privilege Use Events |
| CCE-2389-5 |
Auditing of "Process Termination" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / Process Termination |
| CCE-2604-7 |
Auditing of "DPAPI Activity" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / DPAPI Activity |
| CCE-2498-4 |
Auditing of "RPC Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / RPC Events |
| CCE-2375-4 |
Auditing of "Process Creation" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Detailed Tracking / Process Creation |
| CCE-2269-9 |
Auditing of "Audit Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Audit Policy Change |
| CCE-2151-9 |
Auditing of "Authentication Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Authentication Policy Change |
| CCE-2459-6 |
Auditing of "Authorization Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Authorization Policy Change |
| CCE-2353-1 |
Auditing of "MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / MPSSVC Rule-Level Policy Change |
| CCE-2490-1 |
Auditing of "Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Filtering Platform Policy Change |
| CCE-1759-0 |
Auditing of "Other Policy Change Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Policy Change / Other Policy Change Events |
| CCE-2411-7 |
Auditing of "User Account Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / User Account Management |
| CCE-2415-8 |
Auditing of "Computer Account Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Computer Account Management |
| CCE-2560-1 |
Auditing of "Security Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Security Group Management |
| CCE-2273-1 |
Auditing of "Distribution Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Distribution Group Management |
| CCE-2542-9 |
Auditing of "Application Group Management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Application Group Management |
| CCE-2062-8 |
Auditing of "Other Account Management Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Management / Other Account Management Events |
| CCE-1926-5 |
Auditing of "Directory Service Access" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Access |
| CCE-2445-5 |
Auditing of "Directory Service Changes" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Changes |
| CCE-1718-6 |
Auditing of "Directory Service Replication" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Directory Service Replication |
| CCE-2489-3 |
Auditing of "Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
DS Access / Detailed Directory Service Replication |
| CCE-2511-4 |
Auditing of "Kerberos Authentication Service" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Kerberos Authentication Service |
| CCE-2516-3 |
Auditing of " Credential Validation" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Credential Validation |
| CCE-2291-3 |
Auditing of "Kerberos Service Ticket Operations" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Kerberos Service Ticket Operations |
| CCE-2564-3 |
Auditing of "Other Account Logon Events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) via auditpol |
NaN |
Account Logon / Other Account Logon Events |
| CCE-2251-7 |
Auditing of "Audit account logon events" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events |
| CCE-2211-1 |
Auditing of "Audit account management" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management |
| CCE-2215-2 |
Auditing of "Audit directory service access" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access |
| CCE-2242-6 |
Auditing of "Audit logon events" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events |
| CCE-2136-0 |
Auditing of "Audit object access" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access |
| CCE-2268-1 |
Auditing of "Audit policy change" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change |
| CCE-2035-4 |
Auditing of "Audit privilege use" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use |
| CCE-2295-4 |
Auditing of "Audit process tracking" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking (2) Audit Policy security settings are not registry keys. |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking |
| CCE-1837-4 |
Auditing of "Audit system events" events on sucess should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events |
| CCE-1779-8 |
Auditing of "Audit account logon events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events |
| CCE-2538-7 |
Auditing of "Audit account management" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management |
| CCE-2582-5 |
Auditing of "Audit directory service access" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access |
| CCE-2574-2 |
Auditing of "Audit logon events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events |
| CCE-2217-8 |
Auditing of "Audit object access" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access |
| CCE-2512-2 |
Auditing of "Audit policy change" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change |
| CCE-2265-7 |
Auditing of "Audit privilege use" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use |
| CCE-1895-2 |
Auditing of "Audit process tracking" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking |
| CCE-1939-8 |
Auditing of "Audit system events" events on failure should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events |
| CCE-2026-3 |
The "Access credential Manager as a trusted caller" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access credential Manager as a trusted caller |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access credential Manager as a trusted caller |
| CCE-2075-0 |
The "Access this computer from the network (SeNetworkLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access this computer from the network (SeNetworkLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access this computer from the network (SeNetworkLogonRight) |
| CCE-2079-2 |
The "Act as part of the operating system (SeTcbPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Act as part of the operating system (SeTcbPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Act as part of the operating system (SeTcbPrivilege) |
| CCE-2246-7 |
The "Add workstations to domain" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Add workstations to domain |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Add workstations to domain |
| CCE-2004-0 |
The "Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) |
| CCE-2286-3 |
The "Allow log on locally" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on locally |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on locally |
| CCE-2308-5 |
The "Allow log on through Terminal Services (SeRemoteInteractiveLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on through Terminal Services (SeRemoteInteractiveLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on through Terminal Services (SeRemoteInteractiveLogonRight) |
| CCE-1321-9 |
The "Back up files and directories (SeBackupPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Back up files and directories (SeBackupPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Back up files and directories (SeBackupPrivilege) |
| CCE-2285-5 |
The "Bypass traverse checking (SeChangeNotifyPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Bypass traverse checking (SeChangeNotifyPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Bypass traverse checking (SeChangeNotifyPrivilege) |
| CCE-2290-5 |
The "Change the system time (SeSystemTimePrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the system time (SeSystemTimePrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the system time (SeSystemTimePrivilege) |
| CCE-2171-7 |
The "Change the time zone" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the time zone |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the time zone |
| CCE-1328-4 |
The "Create a pagefile (SeCreatePagefilePrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a pagefile (SeCreatePagefilePrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a pagefile (SeCreatePagefilePrivilege) |
| CCE-1491-0 |
The "Create a token object (SeCreateTokenPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a token object (SeCreateTokenPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a token object (SeCreateTokenPrivilege) |
| CCE-2226-9 |
The "Create global objects (SeCreateGlobalPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create global objects (SeCreateGlobalPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create global objects (SeCreateGlobalPrivilege) |
| CCE-1341-7 |
The "Create permanent shared objects" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create permanent shared objects |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create permanent shared objects |
| CCE-2305-1 |
The "Create symbolic links" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create symbolic links |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create symbolic links |
| CCE-2310-1 |
The "Debug programs (SeDebugPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Debug programs (SeDebugPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Debug programs (SeDebugPrivilege) |
| CCE-2314-3 |
The "Deny access to this computer from the network (SeDenyNetworkLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny access to this computer from the network (SeDenyNetworkLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny access to this computer from the network (SeDenyNetworkLogonRight) |
| CCE-1834-1 |
The "Deny log on as a batch job (SeDenyBatchLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a batch job (SeDenyBatchLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a batch job (SeDenyBatchLogonRight) |
| CCE-2296-2 |
The "Deny log on locally (SeDenyInteractiveLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on locally (SeDenyInteractiveLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on locally (SeDenyInteractiveLogonRight) |
| CCE-1944-8 |
The "Deny log on as a service (SeDenyServiceLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a service (SeDenyServiceLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a service (SeDenyServiceLogonRight) |
| CCE-2102-2 |
The "Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight) |
| CCE-1481-1 |
The "Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) |
| CCE-1750-9 |
The "Force shutdown from a remote system (SeRemoteShutdownPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Force shutdown from a remote system (SeRemoteShutdownPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Force shutdown from a remote system (SeRemoteShutdownPrivilege) |
| CCE-2129-5 |
The "Generate security audits (SeAuditPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Generate security audits (SeAuditPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Generate security audits (SeAuditPrivilege) |
| CCE-1346-6 |
The "Impersonate a client after authentication" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Impersonate a client after authentication |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Impersonate a client after authentication |
| CCE-2306-9 |
The "Increase a process working set" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase a process working set |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase a process working set |
| CCE-2328-3 |
The "Increase scheduling priority (SeIncreaseBasePriorityPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase scheduling priority (SeIncreaseBasePriorityPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase scheduling priority (SeIncreaseBasePriorityPrivilege) |
| CCE-1455-5 |
The "Load and unload device drivers (SeLoadDriverPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Load and unload device drivers (SeLoadDriverPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Load and unload device drivers (SeLoadDriverPrivilege) |
| CCE-2332-5 |
The "Lock pages in memory (SeLockMemoryPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Lock pages in memory (SeLockMemoryPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Lock pages in memory (SeLockMemoryPrivilege) |
| CCE-1975-2 |
The "Log on as a batch job (SeBatchLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a batch job (SeBatchLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a batch job (SeBatchLogonRight) |
| CCE-2270-7 |
The "Log on as a service (SeServiceLogonRight)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a service (SeServiceLogonRight) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a service (SeServiceLogonRight) |
| CCE-1843-2 |
The "Manage auditing and security log (SeSecurityPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Manage auditing and security log (SeSecurityPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Manage auditing and security log (SeSecurityPrivilege) |
| CCE-2142-8 |
The "Modify an object label" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify an object label |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify an object label |
| CCE-2257-4 |
The "Modify firmware environment values (SeSystemEnvironmentPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify firmware environment values (SeSystemEnvironmentPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify firmware environment values (SeSystemEnvironmentPrivilege) |
| CCE-1383-9 |
The "Perform volume maintenance tasks (SeManageVolumePrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Perform volume maintenance tasks (SeManageVolumePrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Perform volume maintenance tasks (SeManageVolumePrivilege) |
| CCE-2360-6 |
The "Profile single process (SeProfileSingleProcessPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile single process (SeProfileSingleProcessPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile single process (SeProfileSingleProcessPrivilege) |
| CCE-2113-9 |
The "Profile system performance (SeSystemProfilePrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile system performance (SeSystemProfilePrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile system performance (SeSystemProfilePrivilege) |
| CCE-2382-0 |
The "Remove computer from docking station (SeUndockPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Remove computer from docking station (SeUndockPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Remove computer from docking station (SeUndockPrivilege) |
| CCE-1527-1 |
The "Replace a process level token (SeAssignPrimaryTokenPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Replace a process level token (SeAssignPrimaryTokenPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Replace a process level token (SeAssignPrimaryTokenPrivilege) |
| CCE-2294-7 |
The "Restore files and directories (SeRestorePrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Restore files and directories (SeRestorePrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Restore files and directories (SeRestorePrivilege) |
| CCE-2078-4 |
The "Shut down the system (SeShutdownPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Shut down the system (SeShutdownPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Shut down the system (SeShutdownPrivilege) |
| CCE-2137-8 |
The "Synchronize directory service data" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Synchronize directory service data |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Synchronize directory service data |
| CCE-2506-4 |
The "Take ownership of files or other objects (SeTakeOwnershipPrivilege)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Take ownership of files or other objects (SeTakeOwnershipPrivilege) |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Take ownership of files or other objects (SeTakeOwnershipPrivilege) |
| CCE-2337-4 |
The "Accounts: Administrator account status" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Administrator account status |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Administrator account status |
| CCE-2342-4 |
The "Accounts: Guest account status" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Guest account status |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Guest account status |
| CCE-2364-8 |
The "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Limit local account use of blank passwords to console logon only (2) MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Limit local account use of blank passwords to console logon only |
| CCE-2227-7 |
The "Accounts: Rename administrator account" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename administrator account |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename administrator account |
| CCE-2372-1 |
The "Accounts: Rename guest account" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename guest account |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename guest account |
| CCE-1751-7 |
The "Audit: Audit the access of global system objects" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the access of global system objects (2) MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the access of global system objects |
| CCE-1773-1 |
The "Audit: Audit the use of Backup and Restore privilege" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the use of Backup and Restore privilege (2) MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the use of Backup and Restore privilege |
| CCE-2276-4 |
The "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (2) MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings |
| CCE-2315-0 |
The "Audit: Shut down system immediately if unable to log security audits" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Shut down system immediately if unable to log security audits (2) MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Shut down system immediately if unable to log security audits |
| CCE-2196-4 |
The "DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax |
| CCE-2201-2 |
The "DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax |
| CCE-2249-1 |
The "Devices: Allow undock without having to log on" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allow undock without having to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allow undock without having to log on |
| CCE-2377-0 |
The "Devices: Allowed to format and eject removable media" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allowed to format and eject removable media (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allowed to format and eject removable media |
| CCE-2152-7 |
The "Devices: Prevent users from installing printer drivers" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Prevent users from installing printer drivers (2) MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Prevent users from installing printer drivers |
| CCE-1390-4 |
The "Devices: Restrict CD-ROM access to locally logged-on user only" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict CD-ROM access to locally logged-on user only (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict CD-ROM access to locally logged-on user only |
| CCE-2383-8 |
The "Devices: Restrict floppy access to locally logged-on user only" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict floppy access to locally logged-on user only (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict floppy access to locally logged-on user only |
| CCE-2049-5 |
The "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Allow server operators to schedule tasks |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Allow server operators to schedule tasks |
| CCE-2317-6 |
The "Domain Controller: LDAP server signing requirements" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements |
| CCE-1934-9 |
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Refuse machine account password changes |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Refuse machine account password changes |
| CCE-2203-8 |
The "Domain member: Digitally encrypt or sign secure channel data (always)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt or sign secure channel data (always) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt or sign secure channel data (always) |
| CCE-1868-9 |
The "Domain member: Digitally encrypt secure channel data (when possible)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt secure channel data (when possible) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt secure channel data (when possible) |
| CCE-2362-2 |
The "Domain member: Digitally sign secure channel data (when possible)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally sign secure channel data (when possible) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally sign secure channel data (when possible) |
| CCE-2256-6 |
The "Domain member: Disable machine account password changes" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Disable machine account password changes (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Disable machine account password changes |
| CCE-2278-0 |
The "Domain member: Maximum machine account password age" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Maximum machine account password age (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Maximum machine account password age |
| CCE-1802-8 |
The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Require strong (Windows 2000 or later) session key (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Require strong (Windows 2000 or later) session key |
| CCE-2199-8 |
The "Interactive logon: Do not display last user name" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not display last user name (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not display last user name |
| CCE-2331-7 |
The "Interactive logon: Do not require CTRL+ALT+DEL" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not require CTRL+ALT+DEL (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not require CTRL+ALT+DEL |
| CCE-2225-1 |
The "Interactive logon: Message text for users attempting to log on" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message text for users attempting to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message text for users attempting to log on |
| CCE-2037-0 |
The "Interactive logon: Message title for users attempting to log on" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message title for users attempting to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message title for users attempting to log on |
| CCE-2297-0 |
The "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Number of previous logons to cache (in case domain controller is not available) (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Number of previous logons to cache (in case domain controller is not available) |
| CCE-2324-2 |
The "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Prompt user to change password before expiration (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Prompt user to change password before expiration |
| CCE-2346-5 |
The "Interactive logon: Require Domain Controller authentication to unlock workstation" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require Domain Controller authentication to unlock workstation (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require Domain Controller authentication to unlock workstation |
| CCE-2223-6 |
The "Interactive logon: Require smart card" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require smart card |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require smart card |
| CCE-1448-0 |
The "Interactive logon: Smart card removal behavior" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Smart card removal behavior (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Smart card removal behavior |
| CCE-2356-4 |
The "Microsoft network client: Digitally sign communications (always)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (always) (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (always) |
| CCE-2378-8 |
The "Microsoft network client: Digitally sign communications (if server agrees)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (if server agrees) (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (if server agrees) |
| CCE-2272-3 |
The "Microsoft network client: Send unencrypted password to third-party SMB servers" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Send unencrypted password to third-party SMB servers (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Send unencrypted password to third-party SMB servers |
| CCE-2236-8 |
The "Microsoft network server: Amount of idle time required before suspending session" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Amount of idle time required before suspending session (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Amount of idle time required before suspending session |
| CCE-2381-2 |
The "Microsoft network server: Digitally sign communications (always)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (always) (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (always) |
| CCE-2263-2 |
The "Microsoft network server: Digitally sign communications (if client agrees)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (if client agrees) (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (if client agrees) |
| CCE-2029-7 |
The "Microsoft network server: Disconnect clients when logon hours expire" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Disconnect clients when logon hours expire (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Disconnect clients when logon hours expire |
| CCE-2307-7 |
The "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) |
| CCE-1826-7 |
The "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) |
| CCE-1967-9 |
The "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) |
| CCE-1470-4 |
The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes |
| CCE-2241-8 |
The "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) (2) MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) |
| CCE-2399-4 |
The "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds |
| CCE-2404-2 |
The "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. (2) MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. |
| CCE-2298-8 |
The "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) (2) MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) |
| CCE-2320-0 |
The "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers |
| CCE-2156-8 |
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) (2) MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) |
| CCE-1800-2 |
The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) |
| CCE-2447-1 |
The "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) |
| CCE-2183-2 |
The "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" setting should be configured correctly. |
(1) number of seconds |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (2) MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) |
| CCE-1460-5 |
The "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) |
| CCE-2384-6 |
The "MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged |
| CCE-2424-0 |
The "MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) |
| CCE-2442-2 |
The "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (2) MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning |
| CCE-2318-4 |
The "Network access: Allow anonymous SID/Name translation" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Allow anonymous SID/Name translation |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Allow anonymous SID/Name translation |
| CCE-1962-0 |
The "Network access: Do not allow anonymous enumeration of SAM accounts" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts (2) MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts |
| CCE-2340-8 |
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts and shares (2) MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts and shares |
| CCE-2111-3 |
The "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow storage of credentials or .NET Passports for network authentication (2) MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow storage of credentials or .NET Passports for network authentication |
| CCE-1824-2 |
The "Network access: Let Everyone permissions apply to anonymous users" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Let Everyone permissions apply to anonymous users (2) MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Let Everyone permissions apply to anonymous users |
| CCE-2089-1 |
The "Network access: Named Pipes that can be accessed anonymously" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Named Pipes that can be accessed anonymously (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Named Pipes that can be accessed anonymously |
| CCE-1521-4 |
The "Network access: Remotely accessible registry paths" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths (2) MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths |
| CCE-2357-2 |
The "Network access: Remotely accessible registry paths and sub paths" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths and sub paths (2) MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths and sub paths |
| CCE-2361-4 |
The "Network access: Restrict anonymous access to Named Pipes and Shares" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Restrict anonymous access to Named Pipes and Shares (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Restrict anonymous access to Named Pipes and Shares |
| CCE-2507-2 |
The "Network access: Shares that can be accessed anonymously" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Shares that can be accessed anonymously (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Shares that can be accessed anonymously |
| CCE-2406-7 |
The "Network access: Sharing and security model for local accounts" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Sharing and security model for local accounts (2) MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Sharing and security model for local accounts |
| CCE-2304-4 |
The "Network security: Do not store LAN Manager hash value on next password change" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Do not store LAN Manager hash value on next password change (2) MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Do not store LAN Manager hash value on next password change |
| CCE-2432-3 |
The "Network security: Force logoff when logon hours expire" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Force logoff when logon hours expire |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Force logoff when logon hours expire |
| CCE-2454-7 |
The "Network security: LAN Manager authentication level" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LAN Manager authentication level (2) MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LAN Manager authentication level |
| CCE-2327-5 |
The "Network security: LDAP client signing requirements" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LDAP client signing requirements (2) MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LDAP client signing requirements |
| CCE-1767-3 |
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) clients |
| CCE-2410-9 |
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) servers |
| CCE-2309-3 |
The "Recovery console: Allow automatic administrative logon" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow automatic administrative logon (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow automatic administrative logon |
| CCE-1553-7 |
The "Recovery console: Allow floppy copy and access to all drives and all folders" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow floppy copy and access to all drives and all folders (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow floppy copy and access to all drives and all folders |
| CCE-2403-4 |
The "Shutdown: Allow system to be shut down without having to log on" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Allow system to be shut down without having to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Allow system to be shut down without having to log on |
| CCE-2416-6 |
The "Shutdown: Clear virtual memory pagefile" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Clear virtual memory pagefile (2) MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Clear virtual memory pagefile |
| CCE-2319-2 |
The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Force strong key protection for user keys stored on the computer |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Force strong key protection for user keys stored on the computer |
| CCE-2261-6 |
The "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (2) MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing |
| CCE-2429-9 |
The "System objects: Require case insensitivity for non-Windows subsystems" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Require case insensitivity for non-Windows subsystems (2) MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Require case insensitivity for non-Windows subsystems |
| CCE-2451-3 |
The "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) (2) MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) |
| CCE-1598-2 |
DEPRECATED. |
NaN |
NaN |
NaN |
NaN |
| CCE-2421-6 |
The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies |
| CCE-2302-8 |
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Admin Approval Mode for the Built-in Administrator account (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Admin Approval Mode for the Built-in Administrator account |
| CCE-2434-9 |
The "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop (2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop |
| CCE-2474-5 |
The "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode |
| CCE-2355-6 |
The "User Account Control: Behavior of the elevation prompt for standard users" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for standard users (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for standard users |
| CCE-2487-7 |
The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Detect application installations and prompt for elevation (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Detect application installations and prompt for elevation |
| CCE-2509-8 |
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate executables that are signed and validated (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate executables that are signed and validated |
| CCE-2473-7 |
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate UIAccess applications that are installed in secure locations (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate UIAccess applications that are installed in secure locations |
| CCE-2478-6 |
The "User Account Control: Run all administrators in Admin Approval Mode" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Run all administrators in Admin Approval Mode (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Run all administrators in Admin Approval Mode |
| CCE-2500-7 |
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Switch to the secure desktop when prompting for elevation (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Switch to the secure desktop when prompting for elevation |
| CCE-2266-5 |
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Virtualize file and registry write failures to per-user locations (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization |
NaN |
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Virtualize file and registry write failures to per-user locations |
| CCE-2539-5 |
The application log maximum size should be configured correctly. |
(1) size of file |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum application log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize |
NaN |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size |
| CCE-2244-2 |
The security log maximum size should be configured correctly. |
(1) size of file |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum security log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize |
NaN |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size |
| CCE-2262-4 |
The system log maximum size should be configured correctly. |
(1) size of file |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum system log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize |
NaN |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size |
| CCE-1622-0 |
The "Prevent local guests group from accessing application log" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing application log (2) Event Log security settings are not registry keys. |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing application log |
| CCE-2189-9 |
The "Prevent local guests group from accessing system log" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing system log (2) Event Log security settings are not registry keys. |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing system log |
| CCE-2149-3 |
The "Prevent local guests group from accessing security log" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing security log (2) Event Log security settings are not registry keys. |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing security log |
| CCE-2541-1 |
The "Retain old events" setting should be configured correctly for the application log. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\Application\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain application log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retain application log |
| CCE-2435-6 |
The "Retain old events" setting should be configured correctly for the security log. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\Security\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain security log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retain security log |
| CCE-2581-7 |
The "Retain old events" setting should be configured correctly for the system log. |
(1) enabled/disabled |
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\System\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain system log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retain system log |
| CCE-1819-2 |
The "Retention method for application log" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for application log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for application log |
| CCE-1836-6 |
The "Retention method for security log" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for security log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for security log |
| CCE-2607-0 |
The "Retention method for system log" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for system log |
NaN |
Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for system log |
| CCE-2237-6 |
The "Enforce password history" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-2200-4 |
The "Maximum password age" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-1861-4 |
The "Minimum password age" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-2240-0 |
The "Minimum password length" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-2126-1 |
The "Password must meet complexity requirements" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-2289-7 |
The "Store passwords using reversible encryption" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
| CCE-1317-7 |
The "Account lockout duration" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
| CCE-1872-1 |
The "Account lockout threshold" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
| CCE-2311-9 |
The "Reset account lockout counter after" setting should be configured correctly. |
NaN |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
NaN |
GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) |
| CCE-5229-0 |
The "MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing)" setting should be configured correctly. |
(1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting |
NaN |
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) |
| CCE-5263-9 |
The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly. |
(1) Numeric value |
(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions |
NaN |
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) |
| CCE-7636-4 |
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\ SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security\Always prompt for password upon connection |
NaN |
NaN |
| CCE-8478-0 |
The "Configure Automatic Updates" setting should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates |
NaN |
NaN |
| CCE-7639-8 |
The default behavior for AutoRun should be properly configured. |
(1) Enabled: Do not execute any autorun commands / Enabled: Automatically execute autorun commands / Disabled |
(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutoRun (2) Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies\Default behavior for AutoRun |
NaN |
NaN |
| CCE-8125-7 |
The "Unsigned Driver Installation Behavior" policy should be set correctly. |
(1) Silently succeed | Warn but allow installation | Do not allow installation |
(1) HKLM\Software\Microsoft\Driver Signing\Policy (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior |
NaN |
NaN |
| CCE-8178-6 |
The "Disable remote Desktop Sharing" setting should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Conferencing\NoRDS, Computer Configuration\Administrative Templates\Windows Components\NetMeeting |
NaN |
NaN |
| CCE-8504-3 |
The startup type of the NetMeeting Remote Desktop Sharing service should be correct. |
(1) disabled/manual/automatic/automatic (delayed start) |
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy |
NaN |
NaN |
| CCE-8596-9 |
The "Do Not Allow Windows Messenger to be Run" policy should be set correctly. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRun (2) Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be run |
NaN |
NaN |
| CCE-8594-4 |
The "Enforce user logon restrictions" policy should be set correctly. |
(1) 0 = Enabled | 1 = Disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Enforce user logon restrictions |
NaN |
NaN |
| CCE-8568-8 |
The "Enumerate administrator accounts on elevation" setting should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators (2) Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Enumerate administrator accounts on elevation |
NaN |
NaN |
| CCE-8585-2 |
The maximum lifetime for Kerberos service tickets should be set appropriately. |
(1) Number of minutes |
(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for service ticket |
NaN |
NaN |
| CCE-8409-5 |
The maximum lifetime for Kerberos user tickets should be set appropriately. |
(1) Number of hours |
(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket |
NaN |
NaN |
| CCE-8000-2 |
The maximum lifetime for Kerberos user ticket renewal should be set appropriately. |
(1) Number of days |
(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket renewal |
NaN |
NaN |
| CCE-8268-5 |
The maximum tolerance for computer clock synchronization for Kerberos should be set appropriately. |
(1) Number of minutes |
(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum tolerance for computer clock synchronization |
NaN |
NaN |
| CCE-8378-2 |
Automatic Reboot After System Crash should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) |
NaN |
NaN |
| CCE-7893-1 |
Disable saving of dial-up passwords should be properly configured. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended) |
NaN |
NaN |
| CCE-8598-5 |
The "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart for scheduled Automatic Updates installations |
NaN |
NaN |
| CCE-7643-0 |
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\policies\Microsoft\Windows NT\Terminal ServicesfAllowUnsolicited (2) Computer Configuration\Administrative Templates\System\Remote Assistance |
NaN |
NaN |
| CCE-8492-1 |
The "Registry policy processing" policy should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\ NoBackgroundPolicy (2) Computer Configuration\Administrataive Templates\System\Group Policy\Registry policy processing |
NaN |
NaN |
| CCE-7646-3 |
The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installations |
NaN |
NaN |
| CCE-7658-8 |
Authentication requirements for RPC clients should be configured appropriately. |
(1) Authenticated, Authenticated without exceptions, None |
(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients |
NaN |
NaN |
| CCE-8572-0 |
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication |
NaN |
NaN |
| CCE-7667-9 |
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services. |
(1) Enabled:Client Compatible | Enabled:High level | Enabled:Low level | Disabled |
(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security\Set client connection encryption level |
NaN |
NaN |
| CCE-8634-8 |
The "Turn off Autoplay" policy should be enabled or disabled as appropriate. |
(1) 0 = Enabled | 1 = Disabled |
(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun (2) Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies\Turn off Autoplay |
NaN |
NaN |