Item Search

NameAudit NamePluginCategory
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLCIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

RISK ASSESSMENT

18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL

18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2016 v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

CONFIGURATION MANAGEMENT

18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Windows Server 2012 R2 MS L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain ControllerWindows

CONFIGURATION MANAGEMENT

18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member ServerWindows

CONFIGURATION MANAGEMENT

18.8.7.2 (L1) Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

MEDIA PROTECTION

18.8.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2Windows

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

ACCESS CONTROL

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.3 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.30.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.10.9.3.5 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

MEDIA PROTECTION

18.10.9.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

MEDIA PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

MEDIA PROTECTION

18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2019 v3.0.1 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member ServerWindows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Windows Server 2012 R2 MS L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

ACCESS CONTROL