[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-10207-9
The "IPv6 Block of Protocols 41" option for the Windows Firewall setting should be configured correctly.

CCE-10644-3
The "Prevent users from sharing files within their profile" setting should be configured correctly.

CCE-10488-5
The "IPv6 Block of UDP 3544" option for the Windows Firewall setting should be configured correctly.

CCE-10499-2
The "Turn off Windows Startup Sound" setting should be configured correctly.

CCE-10774-8
The "Configure Windows NTP Client\SpecialPollInterval" setting should be configured correctly.

CCE-9892-1
The "Configure Windows NTP Client\CrossSiteSyncFlags" setting should be configured correctly.

CCE-10756-5
The "Configure Windows NTP Client\ResolvePeerBackoffMinutes" setting should be configured correctly.

CCE-9764-2
The Remote Desktop Services 'Set client connection encryption level' setting should be enabled or disabled as appropriate.

CCE-9559-6
The 'Turn off the Windows Messenger Customer Experience Improvement Program' setting should be configured correctly.

CCE-10531-2
The "Configure Windows NTP Client\ResolvePeerBackoffMaxTimes" setting should be configured correctly.

CCE-10368-9
The "Configure Windows NTP Client\Type" setting should be configured correctly.

CCE-10500-7
The "Configure Windows NTP Client\NtpServer" setting should be configured correctly.

CCE-9715-4
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

CCE-9913-5
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9990-3
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.

CCE-10175-8
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate.

CCE-10088-3
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.

CCE-10082-6
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.

CCE-9412-8
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.

CCE-8857-5
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.

CCE-10118-8
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.

CCE-9214-8
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.

CCE-9445-8
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

CCE-10169-1
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.

CCE-10049-5
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.

CCE-9502-6
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

CCE-9755-0
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-9526-5
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-9023-3
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.

CCE-8860-9
Auditing of 'Object Access:��Application Generated' events on failure should be enabled or disabled as appropriate.

CCE-8829-4
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9159-5
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-9629-7
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.

CCE-9671-9
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.

CCE-9137-1
Auditing of 'Object Access:��Kernel Object' events on failure should be enabled or disabled as appropriate.

CCE-10098-2
Auditing of 'Object Access:��Handle Manipulation' events on failure should be enabled or disabled as appropriate.

CCE-9791-5
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.

CCE-9364-1
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

CCE-9488-8
Auditing of 'Object Access:��Certification Services' events on failure should be enabled or disabled as appropriate.

CCE-9818-6
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.

CCE-10081-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9631-3
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

CCE-10050-3
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9569-5
Auditing of 'Object Access:��Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.

CCE-9741-0
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.

CCE-9545-5
Auditing of 'Object Access:��Other Object Access Events' events on failure should be enabled or disabled as appropriate.

CCE-9887-1
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.

CCE-9591-9
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.

CCE-8850-0
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.

CCE-9405-2
Auditing of 'Object Access:��File Share' events on failure should be enabled or disabled as appropriate.

CCE-8861-7
Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate.

CCE-9845-9
Auditing of 'Object Access:��SAM' events on failure should be enabled or disabled as appropriate.

CCE-10144-4
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate.

CCE-9269-2
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

CCE-9314-6
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

CCE-9361-7
The 'Registry policy processing' setting should be enabled or disabled as appropriate.

CCE-9608-1
Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9683-4
Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate.

CCE-10939-7
DEPRECATED in favor of CCE-9715-4, CCE-8956-5. Previously: Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-9763-4
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.

CCE-9850-9
Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate.

CCE-10450-5
DEPRECATED in favor of CCE-10078-4, CCE-9737-8.

CCE-9668-5
Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate.

CCE-9058-9
Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate.

CCE-9800-4
Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9692-5
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.

CCE-9737-8
Auditing of 'Object Access:��Registry' events on success should be enabled or disabled as appropriate.

CCE-9811-1
Auditing of 'Object Access:��File System' events on failure should be enabled or disabled as appropriate.

CCE-9235-3
Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9925-9
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.

CCE-9531-5
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly.

CCE-9805-3
Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate.

CCE-9520-8
Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate.

CCE-9985-3
The 'Allow users to connect remotely using Remote Desktop Services' setting should be configured correctly.

CCE-9998-6
Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate.

CCE-9976-2
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10551-0
DEPRECATED in favor of CCE-9811-1, CCE-9217-1.

CCE-9878-0
Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9725-3
Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate.

CCE-10051-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-10077-6
The 'Allow Remote Shell Access' setting should be configured correctly.

CCE-10014-9
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10078-4
Auditing of 'Object Access: Registry' events on failure should be enabled or disabled as appropriate.

CCE-10021-4
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10076-8
The 'Notify antivirus programs when opening attachments' setting should be configured correctly.

CCE-10061-0
The 'Turn off printing over HTTP' setting should be configured correctly.

CCE-10205-3
The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate.

CCE-8423-6
The 'Change the time zone' user right should be assigned to the appropriate accounts.

CCE-10140-2
The 'Turn off Search Companion content file updates' setting should be configured correctly.

CCE-10093-3
The 'Turn off Windows Update device driver searching' setting should be configured correctly.

CCE-8414-5
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

CCE-10103-0
The 'Always prompt for password upon connection' setting should be configured correctly.

CCE-8503-5
The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly.

CCE-10129-5
The Windows Explorer 'Remove Security tab' setting should be configured correctly.

CCE-8460-8
The 'Create symbolic links' user right should be assigned to the appropriate accounts.

CCE-8407-9
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate.

CCE-8484-8
The built-in Administrator account should be correctly named.

CCE-8560-5
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-8562-1
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-8475-6
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

CCE-10154-3
The 'Do not process the run once list' setting should be configured correctly.

CCE-8431-9
The 'Create global objects' user right should be assigned to the appropriate accounts.

CCE-10156-8
The 'Maximum Log Size (KB)' setting should be configured correctly for the system log.

CCE-10183-2
The 'Prevent the computer from joining a homegroup' setting should be configured correctly.

CCE-8513-4
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

CCE-10490-1
The 'Remove CD Burning features' setting should be configured correctly.

CCE-10181-6
The 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly.

CCE-10090-9
The 'Do not allow passwords to be saved' setting should be configured correctly.

CCE-10092-5
The 'Require trusted path for credential entry' setting should be enabled or disabled as appropriate.

CCE-10148-5
The 'Screen Saver timeout' setting should be configured correctly.

CCE-8487-1
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-10166-7
The 'Do not preserve zone information in file attachments' setting should be configured correctly.

CCE-8467-3
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

CCE-8806-2
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

CCE-8870-8
Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile.

CCE-8817-9
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

CCE-8654-6
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-8804-7
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.

CCE-8789-0
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.

CCE-8813-8
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-8732-0
The 'Replace a process level token' user right should be assigned to the appropriate accounts.

CCE-8612-4
The 'Change the system time' user right should be assigned to the appropriate accounts.

CCE-8811-2
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-8591-0
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-8868-2
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

CCE-8822-9
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.

CCE-8714-8
The 'Accounts: Guest account status' setting should be configured correctly.

CCE-8853-4
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.

CCE-8884-9
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.

CCE-8807-0
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-8784-1
The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly.

CCE-8818-7
The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly.

CCE-8740-3
The 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly.

CCE-8655-3
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-8912-8
The "enforce password history" policy should meet minimum requirements.

CCE-8825-2
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

CCE-8856-7
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.

CCE-8930-0
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

CCE-8583-7
The 'Debug programs' user right should be assigned to the appropriate accounts.

CCE-9136-3
The 'Account lockout threshold' setting should be configured correctly.

CCE-8937-5
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

CCE-9014-2
The 'Shut down the system' user right should be assigned to the appropriate accounts.

CCE-9112-4
The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly.

CCE-9123-1
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-9007-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

CCE-9076-1
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.

CCE-8999-5
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

CCE-9098-5
The 'Deny log on as a service' user right should be assigned to the appropriate accounts.

CCE-8973-0
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.

CCE-9069-6
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.

CCE-9121-5
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

CCE-9056-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9021-7
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-9067-0
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-9026-6
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

CCE-9124-9
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

CCE-8936-7
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-9135-5
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.

CCE-8958-1
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

CCE-9048-0
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

CCE-8945-8
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-9096-9
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

CCE-8956-5
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-8974-8
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

CCE-9107-4
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9040-7
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-9068-8
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

CCE-9133-0
Auditing of 'Object Access: Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate.

CCE-9066-2
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.

CCE-9223-9
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-9212-2
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-9258-5
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

CCE-9249-4
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

CCE-9193-4
The 'Maximum password age' setting should be configured correctly.

CCE-9227-0
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-9191-8
The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly.

CCE-9149-6
The 'Modify an object label' user right should be assigned to the appropriate accounts.

CCE-9180-1
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.

CCE-9185-0
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

CCE-9172-8
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-9217-1
Auditing of 'Object Access: File System' events on success should be enabled or disabled as appropriate.

CCE-9150-4
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-9196-7
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

CCE-9189-2
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

CCE-9156-1
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

CCE-9254-4
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

CCE-9222-1
The 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly.

CCE-9148-8
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.

CCE-9244-5
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9226-2
The 'Generate security audits' user right should be assigned to the appropriate accounts.

CCE-9215-5
The 'Create a token object' user right should be assigned to the appropriate accounts.

CCE-9194-2
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-9239-5
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-9224-7
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.

CCE-9213-0
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.

CCE-9190-0
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9162-9
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate.

CCE-9260-1
The 'Store passwords using reversible encryption' setting should be configured correctly.

CCE-9195-9
The 'Turn off downloading of print drivers over HTTP' setting should be configured correctly.

CCE-9229-6
The built-in Guest account should be correctly named.

CCE-9218-9
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

CCE-9253-6
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9179-3
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.

CCE-9153-8
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9199-1
The 'Accounts: Administrator account status' setting should be configured correctly.

CCE-9251-0
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.

CCE-9389-8
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

CCE-9321-1
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.

CCE-9289-0
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

CCE-9387-2
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

CCE-9330-2
The 'Minimum password age' setting should be configured correctly.

CCE-9376-5
Auditing of 'Object Access: File Share' events on success should be enabled or disabled as appropriate.

CCE-9365-8
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.

CCE-9347-6
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.

CCE-9301-3
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

CCE-9336-9
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

CCE-9345-0
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

CCE-9358-3
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-9381-5
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.

CCE-9317-9
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-9370-8
The 'Password must meet complexity requirements' policy should be set correctly.

CCE-9326-0
The 'Remove computer from docking station' user right should be assigned to the appropriate accounts.

CCE-9304-7
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

CCE-9339-3
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate.

CCE-9265-0
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

CCE-9319-5
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.

CCE-9274-2
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9308-8
The 'Account lockout duration' setting should be configured correctly.

CCE-9396-3
The 'Restrictions for Unauthenticated RPC clients' setting should be configured correctly.

CCE-9320-3
The 'Log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-9344-3
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

CCE-9266-8
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

CCE-9342-7
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

CCE-9388-0
The 'Profile single process' user right should be assigned to the appropriate accounts.

CCE-9348-4
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.

CCE-9400-3
The 'Reset account lockout counter after' setting should be configured correctly.

CCE-9357-5
The 'Minimum password length' setting should be configured correctly.

CCE-9295-7
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

CCE-9329-4
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

CCE-9327-8
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-9380-7
The 'Access Credential Manager as a trusted caller' user right should be assigned to the appropriate accounts.

CCE-9403-7
Automatic Updates should be enabled or disabled as appropriate.

CCE-9309-6
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.

CCE-9386-4
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.

CCE-9375-7
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

CCE-9307-0
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly.

CCE-9395-5
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-9498-7
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-9465-6
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-9487-0
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9456-5
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9432-6
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

CCE-9458-1
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

CCE-9521-6
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.

CCE-9532-3
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

CCE-9522-4
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.

CCE-9439-1
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

CCE-9426-8
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.

CCE-9406-0
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-9417-7
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts.

CCE-9492-0
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.

CCE-9496-1
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-9461-5
The 'Log on as a service' user right should be assigned to the appropriate accounts.

CCE-9506-7
User-intiated solicitations for remote assistance (aka the 'Solicited Remote Assistance' setting) should be enabled or disabled as appropriate.

CCE-9419-3
The 'Profile system performance' user right should be assigned to the appropriate accounts.

CCE-9528-1
The 'Turn off Autoplay' setting should be configured correctly.

CCE-9440-9
The 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly.

CCE-9540-6
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

CCE-9509-1
Windows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile.

CCE-9464-9
The 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' setting should be configured correctly.

CCE-9542-2
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-9455-7
Auditing of 'Object Access: Other Object Access Events' events on success should be enabled or disabled as appropriate.

CCE-9534-9
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-9501-8
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

CCE-9449-0
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

CCE-9418-5
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-9503-4
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-9460-7
Auditing of 'Object Access: Certification Services' events on success should be enabled or disabled as appropriate.

CCE-9407-8
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

CCE-9704-8
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly.

CCE-9596-8
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.

CCE-9694-1
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

CCE-9739-4
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-9670-1
The 'Require a Password When a Computer Wakes (Plugged In)' setting should be configured correctly.

CCE-9628-9
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9661-0
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-9728-7
Auditing of 'Object Access: Filtering Platform Connection' events on success should be enabled or disabled as appropriate.

CCE-9672-7
The 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be configured correctly.

CCE-9663-6
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-9674-3
The 'Turn off Internet download for Web publishing and online ordering wizards' setting should be configured correctly.

CCE-9742-8
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.

CCE-9644-6
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.

CCE-9633-9
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9620-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

CCE-9720-4
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.

CCE-9657-8
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.

CCE-9622-2
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.

CCE-9735-2
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-9637-0
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9684-2
The 'Hide mechanisms to remove zone information' setting should be configured correctly.

CCE-9718-8
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.

CCE-9586-9
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.

CCE-9562-0
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-9686-7
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-9588-5
Windows Firewall should allow or block outbound connections by default as appropriate for the Public Profile.

CCE-9707-1
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

CCE-9579-4
The 'System settings: Optional subsystems' setting should be configured correctly.

CCE-9677-6
The 'Prevent access to registry editing tools' setting should be configured correctly.

CCE-9643-8
The 'Turn off the "Publish to Web" task for files and folders' setting should be configured correctly.

CCE-9730-3
The 'Password protect the screen saver' setting should be configured correctly.

CCE-9632-1
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-9712-1
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-9734-5
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-9616-4
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

CCE-9736-0
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-9603-2
The 'Maximum Log Size (KB)' setting should be configured correctly for the application log.

CCE-9802-0
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.

CCE-9770-9
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

CCE-9902-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9926-7
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9817-8
The 'Windows Firewall: Public: Apply local connection security rules' setting should be configured correctly.

CCE-9808-7
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.

CCE-9774-1
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.

CCE-9960-6
Unsolicited offers of remote assistance (aka the 'Offer Remote Assistance' setting) should be automatically rejected or passed to the logged-on user for confirmation as appropriate.

CCE-9753-5
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9768-3
The 'Network security: LDAP client signing requirements' setting should be configured correctly.

CCE-9988-7
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.

CCE-9958-0
The 'Force specific screen saver' setting should be configured correctly.

CCE-9801-2
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

CCE-9749-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9816-0
Auditing of 'Object Access: Application Generated' events on success should be enabled or disabled as appropriate.

CCE-9803-8
Auditing of 'Object Access: Kernel Object' events on success should be enabled or disabled as appropriate.

CCE-10250-9
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Private Profile.

CCE-9829-3
The 'Require a Password When a Computer Wakes (On Battery)' setting should be configured correctly.

CCE-9938-2
The 'Enumerate administrator accounts on elevation' setting should be configured correctly.

CCE-10502-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9773-3
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.

CCE-10611-2
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-9786-5
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-10215-2
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-9918-4
The 'Turn off Data Execution Prevention for Explorer' setting should be configured correctly.

CCE-9863-2
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-9765-9
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-9983-8
The 'Do not process the legacy run list' setting should be configured correctly.

CCE-10268-1
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9789-9
Auditing of 'Object Access: Handle Manipulation' events on success should be enabled or disabled as appropriate.

CCE-9856-6
Auditing of 'Object Access: SAM' events on success should be enabled or disabled as appropriate.

CCE-10373-9
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Public Profile.

CCE-10022-2
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-10386-1
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Private Profile.

CCE-9747-7
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-10160-0
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-10658-3
The "Turn off handwriting personalization data sharing" setting should be configured correctly.

CCE-9783-2
The "Turn on Mapper I/O (LLTDIO) Driver" setting should be configured correctly.

CCE-10645-0
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.

CCE-10438-0
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.

CCE-10778-9
The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.

CCE-10787-0
The "Turn off Program Inventory" setting should be configured correctly.

CCE-9819-4
The "Turn Off Event Views "Events.asp" Links" setting should be configured correctly.

CCE-10408-3
The "Configure Windows NTP Client\EventLogFlags" setting should be configured correctly.

CCE-9842-6
The "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider" setting should be configured correctly.

CCE-9953-1
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

CCE-10130-3
The "ISATAP State" setting for IPv6 should be configured correctly.

CCE-9879-8
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).

CCE-10165-9
The "Prevent device metadata retrieval from internet" setting should be configured correctly.

CCE-10441-4
The "Enable Error Reporting" policy should be set correctly.

CCE-10606-2
The "Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)" setting should be configured correctly.

CCE-10694-8
The "Turn off Windows Update device driver search prompt" setting should be configured correctly.

CCE-10681-5
The "Turn Off Automatic Root Certificates Update" setting should be configured correctly.

CCE-9901-0
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.

CCE-10219-4
The "Enable/Disable PerfTrack" setting should be configured correctly.

CCE-10553-6
The "Do not create system restore point when new device driver installed" setting should be configured correctly.

CCE-10795-3
The "Turn Off Internet File Association Service" setting should be configured correctly.

CCE-10359-8
The "Require domain users to elevate when setting a network's location" setting should be configured correctly.

CCE-10764-9
The "IP HTTPS" state setting should be configured correctly.

CCE-9797-2
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

CCE-10655-9
The "Turn off Autoplay for non-volume devices" setting should be configured correctly.

CCE-10059-4
The "Turn on Responder (RSPNDR) Driver" setting should be configured correctly.

CCE-9919-2
The "Specify Search Order for device driver source locations" setting should be configured correctly.

CCE-10266-5
The "6to4 State" setting should be configured correctly.

CCE-10649-2
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-10769-8
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-10527-0
The default behavior for AutoRun should be properly configured.

CCE-10344-0
The "Turn on session logging" setting should be configured correctly.

CCE-10591-6
Use Classic Logon should be properly configured.

CCE-10782-1
The "Extend Point and Print connection to search Windows Update and use alternate connection if needed" setting should be configured correctly.

CCE-9823-6
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.

CCE-10509-8
The "Route all traffic through the internal network" setting should be configured correctly.

CCE-10011-5
The "Teredo State" setting should be configured correctly.

CCE-10850-6
The "Turn off game updates" setting should be configured correctly.

CCE-10543-7
The startup type of the Homegroup Listener service should be correct.

CCE-10828-2
The "Turn Off Downloading of Game Information" setting should be configured correctly.

CCE-10623-7
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-10007-3
The "Turn on Basic feed authentication over HTTP" setting should be configured correctly.

CCE-10730-0
The "Turn off downloading of enclosures" setting should be configured correctly.

CCE-10811-8
The "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.

CCE-10496-8
The "Allow indexing of encrypted files" setting should be configured correctly.

CCE-10692-2
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.

CCE-9907-7
The "Report Logon Server Not Available During User logon" setting should be configured correctly.

CCE-9875-6
The "Set Safe for Scripting" policy should be set correctly.

CCE-9888-9
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-10602-1
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-9864-0
The "Do not use temporary folders per session" setting should be configured correctly.

CCE-10844-9
The startup type of the WWAN AutoConfig service should be correct.

CCE-10661-7
The startup type of the Bluetooth service should be correct.

CCE-9866-5
The "Prevent indexing uncached Exchange folders" setting should be configured correctly.

CCE-10608-8
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-10824-1
The Windows Error Reporting "Do not send additional data" setting should be configured correctly.

CCE-9868-1
The "Configure Microsoft SpyNet Reporting" setting should be configured correctly.

CCE-9857-4
The "Override the More Gadgets Link" setting should be configured correctly.

CCE-10150-1
The startup type of the Fax service should be correct.

CCE-10699-7
The startup type of the Media Center Extenders service should be correct.

CCE-10709-4
The Windows Error Reporting "Display Error Notification" setting should be configured correctly.

CCE-9914-3
The "Disable Windows Error Reporting" setting should be configured correctly.

CCE-10311-9
The startup type of the Parantal Controls service should be correct.

CCE-10157-6
The Windows Error Reporting "Disable Logging" setting should be configured correctly.

CCE-10714-4
The setup log maximum size should be configured correctly.

CCE-9874-9
The "Turn off Heap termination on corruption" setting should be configured correctly.

CCE-9908-5
The "Prevent Windows Media DRM Internet Access" setting should be configured correctly.

CCE-10137-8
The "Prevent Windows Anytime Upgrade from running" setting should be configured correctly.

CCE-10856-3
The "Do not delete temp folder upon exit" setting should be configured correctly.

CCE-9876-4
The "Enable User Control Over Installs" policy should be set correctly.

CCE-10586-6
The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly.

CCE-9858-2
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-9910-1
The startup type of the Homegroup Provider service should be correct.

CCE-10763-1
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-10295-4
The "Turn off Help Ratings" setting should be configured correctly.

CCE-10759-9
The "Do not allow Digital Locker to run" setting should be configured correctly.

CCE-10882-9
The "Turn off Windows Mail application" setting should be configured correctly.

CCE-11252-4
The "Turn off the communitication features" setting should be configured correctly. (sic)

CPE    1
cpe:/o:microsoft:windows_7
*XCCDF
xccdf_nist_benchmark_Windows_7
OVAL    405
oval:gov.nist.usgcb.windowsseven:def:241
oval:gov.nist.usgcb.windowsseven:def:276
oval:org.secpod.oval:def:14576
oval:org.secpod.oval:def:14589
...

© 2013 SecPod Technologies