[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-9498-7
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-9802-0
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.

CCE-10051-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-9596-8
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.

CCE-9704-8
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly.

CCE-13668-9
Specifies the period of inactivity before Windows transitions the system to hibernate.

CCE-9269-2
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

CCE-10282-2
DEPRECATED. Previously: The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.Note: According to Microsoft, does not apply to Windows 7.

CCE-9321-1
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.

CCE-9258-5
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

CCE-9628-9
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-10774-8
The "Configure Windows NTP Client\SpecialPollInterval" setting should be configured correctly.

CCE-9715-4
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

CCE-9661-0
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-10207-9
The "IPv6 Block of Protocols 41" option for the Windows Firewall setting should be configured correctly.

CCE-9913-5
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10295-4
The "Turn off Help Ratings" setting should be configured correctly.

CCE-9608-1
Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9892-1
The "Configure Windows NTP Client\CrossSiteSyncFlags" setting should be configured correctly.

CCE-9376-5
Auditing of 'Object Access:��File Share' events on success should be enabled or disabled as appropriate.

CCE-9683-4
Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate.

CCE-9990-3
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.

CCE-9728-7
Auditing of 'Object Access:��Filtering Platform Connection' events on success should be enabled or disabled as appropriate.

CCE-9365-8
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.

CCE-10674-0
DEPRECATED. Previously: The Error Reporting Service should be enabled or disabled as appropriate. Note: According to Microsoft, no such service in Windows 7. See Windows Error Reporting.

CCE-10939-7
DEPRECATED in favor of CCE-9715-4, CCE-8956-5. Previously: Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-10175-8
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate.

CCE-18249-3
The 'Internet Information Services' features should be configured correctly.

CCE-9902-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10088-3
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.

CCE-10767-2
DEPRECATED. Previously: Prompt for password on resume from hibernate/suspend is set correctly.Note: According to Microsoft, does not apply to Windows 7. See settings under System\Power Management\Sleep Settings.

CCE-9347-6
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.

CCE-10756-5
The "Configure Windows NTP Client\ResolvePeerBackoffMinutes" setting should be configured correctly.

CCE-10841-5
DEPRECATED. Previously: The startup type of the Terminal Services service should be correct. Note: According to Microsoft, no such service in Windows 7. See Remote Desktop Services.

CCE-18739-3
The 'Telnet Server' features should be configured correctly.

CCE-9227-0
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-10312-7
The 'Maximum ticket time (units)' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-9314-6
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

CCE-10082-6
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.

CCE-9808-7
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.

CCE-9763-4
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.

CCE-9412-8
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.

CCE-19306-0
The "Check if AppLocker is Enabled" setting should be configured correctly.

CCE-9850-9
Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate.

CCE-8857-5
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.

CCE-9521-6
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.

CCE-9180-1
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.

CCE-10118-8
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.

CCE-8822-9
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.

CCE-13091-4
This policy setting determines whether or not users can connect to the computer using Remote Desktop Services.

CCE-10129-5
The Windows Explorer 'Remove Security tab' setting should be configured correctly.

CCE-9214-8
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.

CCE-9445-8
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

CCE-11221-9
DEPRECATED. Previously: The startup type of the NetMeeting Remote Desktop Sharing service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9644-6
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.

CCE-9076-1
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.

CCE-10450-5
DEPRECATED in favor of CCE-10078-4, CCE-9737-8.

CCE-8407-9
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate.

CCE-11164-1
DEPRECATED. Previously: The startup type of the Alerter service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9633-9
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10169-1
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.

CCE-10014-9
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-8484-8
The built-in Administrator account should be correctly named.

CCE-14854-4
The 'Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In)' Windows Firewall rule should be configured correctly.

CCE-9172-8
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-8853-4
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.

CCE-10049-5
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.

CCE-9217-1
Auditing of 'Object Access:��File System' events on success should be enabled or disabled as appropriate.

CCE-9502-6
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

CCE-9720-4
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.

CCE-9668-5
Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate.

CCE-9755-0
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-9657-8
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.

CCE-9622-2
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.

CCE-9339-3
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate.

CCE-10078-4
Auditing of 'Object Access:��Registry' events on failure should be enabled or disabled as appropriate.

CCE-9735-2
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-9637-0
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9058-9
Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate.

CCE-9526-5
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-9023-3
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.

CCE-9492-0
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.

CCE-9988-7
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.

CCE-10021-4
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9800-4
Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9692-5
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.

CCE-9737-8
Auditing of 'Object Access:��Registry' events on success should be enabled or disabled as appropriate.

CCE-8860-9
Auditing of 'Object Access:��Application Generated' events on failure should be enabled or disabled as appropriate.

CCE-9056-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9811-1
Auditing of 'Object Access:��File System' events on failure should be enabled or disabled as appropriate.

CCE-11229-2
DEPRECATED. Previously: The Wireless Zero Configuration service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.

CCE-18300-4
The 'Windows Media Center' features should be configured correctly.

CCE-8829-4
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9159-5
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-11235-9
DEPRECATED. Previously: The startup type of the Messenger service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9629-7
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.

CCE-9671-9
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.

CCE-9958-0
The 'Force specific screen saver' setting should be configured correctly.

CCE-9137-1
Auditing of 'Object Access:��Kernel Object' events on failure should be enabled or disabled as appropriate.

CCE-10098-2
Auditing of 'Object Access:��Handle Manipulation' events on failure should be enabled or disabled as appropriate.

CCE-9235-3
Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9148-8
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.

CCE-9791-5
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.

CCE-10076-8
The 'Notify antivirus programs when opening attachments' setting should be configured correctly.

CCE-9684-2
The 'Hide mechanisms to remove zone information' setting should be configured correctly.

CCE-10531-2
The "Configure Windows NTP Client\ResolvePeerBackoffMaxTimes" setting should be configured correctly.

CCE-10577-5
DEPRECATED. Previously: The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9364-1
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

CCE-9488-8
Auditing of 'Object Access:��Certification Services' events on failure should be enabled or disabled as appropriate.

CCE-9816-0
Auditing of 'Object Access:��Application Generated' events on success should be enabled or disabled as appropriate.

CCE-9718-8
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.

CCE-11226-8
DEPRECATED. Previously: The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.

CCE-9586-9
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.

CCE-9803-8
Auditing of 'Object Access:��Kernel Object' events on success should be enabled or disabled as appropriate.

CCE-9562-0
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-9925-9
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.

CCE-10368-9
The "Configure Windows NTP Client\Type" setting should be configured correctly.

CCE-9531-5
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly.

CCE-9818-6
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.

CCE-9542-2
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-10081-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9455-7
Auditing of 'Object Access:��Other Object Access Events' events on success should be enabled or disabled as appropriate.

CCE-9805-3
Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate.

CCE-9194-2
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-10877-9
The 'Approved Installation Sites for ActiveX Controls' security mechanism should be enabled or disabled as appropriate.

CCE-8956-5
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-18629-6
The 'SimpleTCP Services' features should be configured correctly.

CCE-11124-5
DEPRECATED. Previously: The Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.

CCE-10490-1
The 'Remove CD Burning features' setting should be configured correctly.

CCE-9224-7
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.

CCE-18190-9
The 'TFTP Client' features should be configured correctly.

CCE-10644-3
The "Prevent users from sharing files within their profile" setting should be configured correctly.

CCE-9213-0
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.

CCE-9190-0
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9631-3
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

CCE-9677-6
The 'Prevent access to registry editing tools' setting should be configured correctly.

CCE-10500-7
The "Configure Windows NTP Client\NtpServer" setting should be configured correctly.

CCE-18880-5
The 'Games' features should be configured correctly.

CCE-10050-3
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-12393-5
Specifies the period of inactivity before Windows turns off the display.

CCE-10886-0
The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly.

CCE-9929-1
The 'Method for sending e-mail invitations' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-8856-7
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.

CCE-9520-8
Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate.

CCE-9863-2
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-18659-3
The 'Telnet Client' features should be configured correctly.

CCE-9765-9
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-9162-9
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate.

CCE-9260-1
The 'Store passwords using reversible encryption' setting should be configured correctly.

CCE-9569-5
Auditing of 'Object Access:��Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.

CCE-10956-1
DEPRECATED. Previously: The startup type of the Fast User Switching service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9741-0
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.

CCE-9730-3
The 'Password protect the screen saver' setting should be configured correctly.

CCE-9632-1
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-9545-5
Auditing of 'Object Access:��Other Object Access Events' events on failure should be enabled or disabled as appropriate.

CCE-11045-2
DEPRECATED. Previously: The startup type of the ClipBook service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-14986-4
The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly.

CCE-9789-9
Auditing of 'Object Access:��Handle Manipulation' events on success should be enabled or disabled as appropriate.

CCE-18800-3
The "Check Administrator Group Membership" setting should be configured correctly.

CCE-9887-1
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.

CCE-9229-6
The built-in Guest account should be correctly named.

CCE-9998-6
Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate.

CCE-10148-5
The 'Screen Saver timeout' setting should be configured correctly.

CCE-19216-1
The "Check if Windows Updates are missing" setting should be configured correctly.

CCE-9976-2
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.

CCE-12924-7
Specifies the period of inactivity before Windows turns off the display.

CCE-9856-6
Auditing of 'Object Access:��SAM' events on success should be enabled or disabled as appropriate.

CCE-10251-7
DEPRECATED. Previously: The "synchronize directory service data" user right should be assigned to the correct accounts. Note: According to Microsoft, this is only relevant to domain controllers and hence does not apply to Windows 7.

CCE-10488-5
The "IPv6 Block of UDP 3544" option for the Windows Firewall setting should be configured correctly.

CCE-9179-3
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.

CCE-10499-2
The "Turn off Windows Startup Sound" setting should be configured correctly.

CCE-10551-0
DEPRECATED in favor of CCE-9811-1, CCE-9217-1.

CCE-9133-0
Auditing of 'Object Access:��Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate.

CCE-9591-9
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9734-5
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-8850-0
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.

CCE-9405-2
Auditing of 'Object Access:��File Share' events on failure should be enabled or disabled as appropriate.

CCE-9878-0
Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-10264-0
DEPRECATED. Previously: The startup type of the Indexing service should be correct. Note: According to Microsoft, no such service in Windows 7.

CCE-9725-3
Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate.

CCE-8861-7
Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate.

CCE-9153-8
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10166-7
The 'Do not preserve zone information in file attachments' setting should be configured correctly.

CCE-9066-2
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.

CCE-9845-9
Auditing of 'Object Access:��SAM' events on failure should be enabled or disabled as appropriate.

CCE-9460-7
Auditing of 'Object Access:��Certification Services' events on success should be enabled or disabled as appropriate.

CCE-10144-4
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate.

CCE-14411-3
The Windows Connect Now "Windows Portable Device" setting should be configured correctly.

CCE-14653-0
The Windows Connect Now "Higher precedence medium for devices discovered by multiple media" setting should be configured appropriately.

CCE-15015-1
The Windows Connect Now "Ethernet (UPnP)" setting should be configured correctly.

CCE-10543-7
The startup type of the Homegroup Listener service should be correct.

CCE-14718-1
The "Prohibit operation while in private network" setting on the LLTDIO Driver should be configured correctly.

CCE-15059-9
The "Allow operation while in domain" setting on the RSPNDR Driver should be configured correctly.

CCE-10443-0
The startup type of the SPP Notification Service service should be correct.

CCE-15019-3
The Windows Connect "In-band 802.11 Wi-Fi" setting should be configured correctly.

CCE-9783-2
The "Turn on Mapper I/O (LLTDIO) Driver" setting should be configured correctly.

CCE-15050-8
The "Allow operation while in domain" setting on the LLTDIO Driver should be configured correctly.

CCE-14834-6
The "Prohibit operation while in private network" setting on the RSPNDR Driver should be configured correctly.

CCE-10408-3
The "Configure Windows NTP Client\EventLogFlags" setting should be configured correctly.

CCE-10091-7
The startup type of the Windows Biometric service should be correct.

CCE-10690-6
The 'Permit remote control of this computer' option for the 'Offer Remote Assistance' setting should be configured correctly.

CCE-14830-4
The "Allow operation while in public network" setting on the RSPNDR Driver should be configured correctly.

CCE-10844-9
The startup type of the WWAN AutoConfig service should be correct.

CCE-10519-7
The 'Permit remote control of this computer' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-10699-7
The startup type of the Media Center Extenders service should be correct.

CCE-10709-4
The Windows Error Reporting "Display Error Notification" setting should be configured correctly.

CCE-14900-5
The Windows Connect Now "Maximum number of WCN devices" setting should be configured correctly.

CCE-10311-9
The startup type of the Parantal Controls service should be correct.

CCE-14109-3
The "Allow operation while in public network" setting on the LLTDIO Driver should be configured correctly.

CCE-15041-7
The Windows Connect Now "USB Flash Drive" setting should be configured correctly.

CCE-9910-1
The startup type of the Homegroup Provider service should be correct.

CCE-9147-0
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for operating system drives.

CCE-9114-0
The 'BitLocker identification field' setting should be configured correctly.

CCE-8301-4
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 14) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9924-2
The 'Scheduled install time' option for automatic updates should be set correctly.

CCE-9145-4
The 'Allowed BitLocker identification field' setting should be configured correctly.

CCE-8787-4
Validation of the 'Options ROM Code'' Platform Configuration Register (aka PCR 2) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9221-3
Use of the combination of both a Trusted Platform Module (TPM) startup key and PIN for operating system drives encrypted with BitLocker should be configured correctly.

CCE-9256-9
The 'Save BitLocker recovery information to AD DS for removable data drives' setting should be configured correctly.

CCE-8743-7
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for fixed data drives.

CCE-9182-7
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 23) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8405-3
The BitLocker 'Do not allow write access to devices configured in another organization' setting should be configured correctly.

CCE-9138-9
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 19) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9236-1
The 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' setting should be configured correctly.

CCE-9103-3
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 18) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9082-9
Validation of the 'Option ROM Configuration and Data' Platform Configuration Register (aka PCR 3) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8538-1
The BitLocker 'Require use of smart cards on removable data drives' setting should be configured correctly.

CCE-8493-9
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 12) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8299-0
Validation of the 'Boot Manager' Platform Configuration Register (aka PCR 10) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9087-8
The BitLocker 'Minimum password length for fixed data drive' setting should be configured correctly.

CCE-8701-5
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for removable data drives.

CCE-8242-0
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for fixed data drives.

CCE-8855-9
Validation of the 'BitLocker Access Control' Platform Configuration Register (aka PCR 11) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8309-7
Use of a Trusted Platform Module (TPM) startup key for operating system drives encrypted with BitLocker should be configured correctly.

CCE-10700-3
The 'Scheduled install day' option for automatic updates should be set correctly.

CCE-8703-1
Validation of the 'State Transition and Wake Events' Platform Configuration Register (aka PCR 6) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9161-1
Validation of the 'NTFS Boot Block' Platform Configuration Register (aka PCR 9) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8595-1
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for removable data drives.

CCE-9241-1
The 'Allow BitLocker without a compatible TPM' setting should be configured correctly.

CCE-8540-7
The BitLocker 'Configure password complexity for fixed data drives' setting should be configured correctly.

CCE-8673-6
The BitLocker 'Require password for fixed data drive' setting should be configured correctly.

CCE-9176-9
The 'Allow users to suspend and decrypt BitLocker protection on removable data drives' setting should be configured correctly.

CCE-8993-8
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for operating system drives.

CCE-8905-2
The 'Save BitLocker recovery information to AD DS for operating system drives' setting should be configured correctly.

CCE-8651-2
Validation of the 'Platform and Motherboard Configuration and Data' Platform Configuration Register (aka PCR 1) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8588-6
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for operating system drives.

CCE-8235-4
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for fixed data drives.

CCE-8553-0
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for fixed data drives.

CCE-8653-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 22) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9200-7
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for operating system drives.

CCE-8751-0
Validation of the 'NTFS Boot Sector' Platform Configuration Register (aka PCR 8) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8947-4
The BitLocker 'Configure password complexity for removable data drives' setting should be configured correctly.

CCE-8546-4
Use of a Trusted Platform Moduel (TPM) startup PIN for operating system drives encrypted with BitLocker should be configured correctly.

CCE-9279-1
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 20) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9146-2
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for removable data drives.

CCE-8535-7
Validation of the 'Master Boot Record (MBR) Code' Platform Configuration Register (aka PCR 4) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9050-6
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 16) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8415-2
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for removable data drives.

CCE-9106-6
The 'Do not install BitLocker To Go Reader on FAT formatted fixed drives' setting should be configured correctly.

CCE-9259-3
Use of the Trusted Platform Module (TPM) on startup for operating system drives encyrpted with BitLocker should be configured correctly.

CCE-9248-6
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for operating system drives.

CCE-10764-9
The "IP HTTPS" state setting should be configured correctly.

CCE-10753-2
The 'Maximum ticket time (value)' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-8417-8
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for fixed data drives.

CCE-8965-6
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for removable data drives.

CCE-8483-0
Validation of the 'Computer Manufacturer-Specific' Platform Configuration Register (aka PCR 7) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9197-5
The 'Save BitLocker recovery information to AD DS for fixed data drives' setting should be configured correctly.

CCE-8759-3
The 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' setting should be configured correctly.

CCE-9088-6
The 'Do not install BitLocker To Go Reader on FAT formatted removable drives' setting should be configured correctly.

CCE-8517-5
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 21) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8496-2
Validation of the 'Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions' Platform Configuration Register (aka PCR 0) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9282-5
The 'Allow users to apply BitLocker protection on removable data drives' setting should be configured correctly.

CCE-9173-6
The BitLocker 'Require use of smart cards on fixed data drives' setting should be configured correctly.

CCE-8683-5
The BitLocker 'Require password for removable data drive' setting should be configured correctly.

CCE-8983-9
The BitLocker 'Minimum password length for removable data drive' setting should be configured correctly.

CCE-9046-4
Validation of the 'Master Boot Record (MBR) Partition Table' Platform Configuration Register (aka PCR 5) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9000-1
The 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' setting should be configured correctly.

CCE-8587-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 17) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9079-5
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 13) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8530-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 15) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CVE    77
CVE-2007-6753
CVE-2011-1262
CVE-2011-1261
CVE-2011-1266
...
*CPE
cpe:/o:microsoft:windows_7
OVAL    893
oval:org.secpod.oval:def:10947
oval:org.secpod.oval:def:10946
oval:org.secpod.oval:def:11231
oval:org.secpod.oval:def:6709
...
XCCDF    16
xccdf_saner20_benchmark_Windows_7_wmi_service_pack
xccdf_gov.nist_benchmark_USGCB-Windows-7-Energy
xccdf_org.secpod_benchmark_Windows_7
xccdf_nist_benchmark_Windows_7
...

© SecPod Technologies