Item Search

Name	Audit Name	Plugin	Category
2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
5.10 Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.15 Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.18 Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.25 Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOndomain	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnPublicNet	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableInBand802DOT11Registrar	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableUPnPRegistrar	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.8.22.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.8.34.6.1 Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.8.34.6.2 Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.13 Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.59.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.10.17.2 Ensure 'Enable App Installer Experimental Features' is set to 'Disabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	CONFIGURATION MANAGEMENT
18.10.17.2 Ensure 'Enable App Installer Experimental Features' is set to 'Disabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT
18.10.17.4 (L1) Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC	Windows	CONFIGURATION MANAGEMENT
18.10.17.4 (L1) Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	CONFIGURATION MANAGEMENT
18.10.17.4 Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	CONFIGURATION MANAGEMENT
18.10.17.4 Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT
18.10.56.3.3.7 (L1) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL	Windows	CONFIGURATION MANAGEMENT
18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG	Windows	CONFIGURATION MANAGEMENT
WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation.	DISA Windows 10 STIG v3r2	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search