CSCv7|5.4

Title

Deploy System Configuration Management Tools

Description

Deploy system configuration management tools that will automatically enforce and redeploy configuration settings to systems at regularly scheduled intervals.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 (L1) Host hardware must enable UEFI Secure Boot	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
1.4 (L1) Host hardware must enable and configure a TPM 2.0	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
1.5 (L1) Host integrated hardware management controller must be secure	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
1.6 (L1) Host integrated hardware management controller must enable time synchronization	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL + NG
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + BL
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + NG
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + NG
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + BL + NG
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.8.21.1 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.2.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2019 MS L1 v1.2.1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Windows Server 2012 R2 DC L1 v2.5.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL

Detections

Analytics

CSCv7|5.4

Title

Description

Reference Item Details

Audit Items