3.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'

Information

Although this 'legacy' setting traditionally applied to the use of Internet Connection Sharing (ICS) in Windows 2000, Windows XP & Server 2003, this setting now freshly applies to the Mobile Hotspot feature in Windows 10 & Server 2016.

The recommended state for this setting is: Enabled

Non-administrators should not be able to turn on the Mobile Hotspot feature and open their Internet connectivity up to nearby mobile devices.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled

Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network

Impact:

Mobile Hotspot cannot be enabled or configured by Administrators and non-Administrators alike.

See Also

https://workbench.cisecurity.org/benchmarks/16852

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Windows

Control ID: ad949dc5111b1f42e9c83f98cb70914c8a152a15d2b68e547f3b234780a6b021