Item Search

Name	Audit Name	Plugin	Category
2.2.28 Ensure 'Log on as a batch job' is set to 'Administrators'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only)	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS	Windows	ACCESS CONTROL
2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
5.7 Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.10 Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.12 Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.15 Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.17 Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.18 Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.25 Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.31 Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.32 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Enterprise v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.32 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL	Windows	CONFIGURATION MANAGEMENT
5.32 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	CONFIGURATION MANAGEMENT
5.33 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
5.36 Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
7.1 Set 'Restrict File Download' to 'Enabled' - reserved	CIS IE 9 v1.0.0	Windows	CONFIGURATION MANAGEMENT
18.4.6 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOndomain	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableFlashConfigRegistrar	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableUPnPRegistrar	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableWPDRegistrar	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.5.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.11.1.2 Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.13 Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.2 Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.8 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.59.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.59.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.9.98.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
69.33 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Intune for Windows 11 v3.0.1 L1	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search