Detections
Analytics

CSCv7|12.12

Title

Manage All Devices Remotely Logging into Internal Network

Description

Scan all enterprise devices remotely logging into the organization's network prior to accessing the network to ensure that each of the organization's security policies has been enforced in the same manner as local network devices.

Reference Item Details

Category: Boundary Defense

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain definedWindowsCIS Google Chrome L1 v2.1.0
2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain definedWindowsCIS Google Chrome L1 v3.0.0
2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.WindowsCIS Google Chrome L1 v3.0.0
2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.WindowsCIS Google Chrome L1 v2.1.0
3.2 Ensure 'Allow unmanaged devices' is set to 'False'WindowsCIS Microsoft Exchange Server 2019 L1 MDM v1.0.0
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled'MDMAirWatch - CIS Apple iOS 17 Institution Owned L1
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled'MDMMobileIron - CIS Apple iOS 17 Institution Owned L1
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled'MDMAirWatch - CIS Apple iPadOS 17 Institutionally Owned L1
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled'MDMMobileIron - CIS Apple iPadOS 17 Institutionally Owned L1
3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled'MDMMobileIron - CIS Apple iOS 17 Institution Owned L1
3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled'MDMAirWatch - CIS Apple iPadOS 17 Institutionally Owned L1
3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled'MDMAirWatch - CIS Apple iOS 17 Institution Owned L1
3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled'MDMMobileIron - CIS Apple iPadOS 17 Institutionally Owned L1
3.9 Ensure 'Require encryption on device' is set to 'True'WindowsCIS Microsoft Exchange Server 2019 L1 MDM v1.0.0