[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*


CCE-9742-8
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.

CCE-10183-2
The 'Prevent the computer from joining a homegroup' setting should be configured correctly.

CCE-9136-3
The 'Account lockout threshold' setting should be configured correctly.

CCE-9320-3
The 'Log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-8806-2
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

CCE-9389-8
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

CCE-8460-8
The 'Create symbolic links' user right should be assigned to the appropriate accounts.

CCE-10205-3
The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate.

CCE-9960-6
Unsolicited offers of remote assistance (aka the 'Offer Remote Assistance' setting) should be automatically rejected or passed to the logged-on user for confirmation as appropriate.

CCE-9317-9
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-9463-1
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

CCE-9694-1
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

CCE-9026-6
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

CCE-10714-4
The setup log maximum size should be configured correctly.

CCE-8999-5
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

CCE-9295-7
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

CCE-9370-8
The 'Password must meet complexity requirements' policy should be set correctly.

CCE-9124-9
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

CCE-9500-0
The 'Retain old events' setting should be configured correctly for the security log.

CCE-8817-9
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

CCE-8930-0
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

CCE-9185-0
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

CCE-9739-4
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-9534-9
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-9329-4
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

CCE-9223-9
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-9643-8
The 'Turn off the "Publish to Web" task for files and folders' setting should be configured correctly.

CCE-9801-2
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

CCE-9344-3
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

CCE-10090-9
The 'Do not allow passwords to be saved' setting should be configured correctly.

CCE-8937-5
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

CCE-9212-2
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-8688-4
The minimum number of characters required for the BitLocker startup PIN used with the Trusted Platform Module (TPM) should be set correctly.

CCE-9670-1
The 'Require a Password When a Computer Wakes (Plugged In)' setting should be configured correctly.

CCE-9620-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

CCE-9220-5
The 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows ' setting should be configured correctly.

CCE-9036-5
The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly.

CCE-8654-6
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-9266-8
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

CCE-9439-1
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

CCE-10769-8
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-8714-8
The 'Accounts: Guest account status' setting should be configured correctly.

CCE-10136-0
The 'Retain old events' setting should be configured correctly for the application log.

CCE-9289-0
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

CCE-8583-7
The 'Debug programs' user right should be assigned to the appropriate accounts.

CCE-8560-5
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-9387-2
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

CCE-9525-7
The 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly.

CCE-10527-0
The default behavior for AutoRun should be properly configured.

CCE-8936-7
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-8974-8
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

CCE-9831-9
The "Turn off Windows Customer Experience Improvement Program" setting should be configured correctly.

CCE-9465-6
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-9330-2
The 'Minimum password age' setting should be configured correctly.

CCE-9107-4
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9540-6
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

CCE-9733-7
The 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' setting should be configured correctly.

CCE-10064-4
The 'Retain old events' setting should be configured correctly for the system log.

CCE-10077-6
The 'Allow Remote Shell Access' setting should be configured correctly.

CCE-9244-5
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9304-7
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

CCE-9327-8
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-9098-5
The 'Deny log on as a service' user right should be assigned to the appropriate accounts.

CCE-9014-2
The 'Shut down the system' user right should be assigned to the appropriate accounts.

CCE-9135-5
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.

CCE-9150-4
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-9342-7
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

CCE-9388-0
The 'Profile single process' user right should be assigned to the appropriate accounts.

CCE-8912-8
The "enforce password history" policy should meet minimum requirements.

CCE-9487-0
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-8958-1
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

CCE-9464-9
The 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' setting should be configured correctly.

CCE-9672-7
The 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be configured correctly.

CCE-9040-7
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-9048-0
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

CCE-9449-0
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

CCE-10140-2
The 'Turn off Search Companion content file updates' setting should be configured correctly.

CCE-9123-1
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-8973-0
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.

CCE-9309-6
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.

CCE-9494-6
The 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly.

CCE-9249-4
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

CCE-9829-3
The 'Require a Password When a Computer Wakes (On Battery)' setting should be configured correctly.

CCE-9456-5
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9663-6
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-9226-2
The 'Generate security audits' user right should be assigned to the appropriate accounts.

CCE-9686-7
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-9418-5
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-8487-1
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-8825-2
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

CCE-9938-2
The 'Enumerate administrator accounts on elevation' setting should be configured correctly.

CCE-8562-1
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-9301-3
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

CCE-9193-4
The 'Maximum password age' setting should be configured correctly.

CCE-9253-6
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

CCE-8414-5
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

CCE-9068-8
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

CCE-9007-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

CCE-9712-1
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-9336-9
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

CCE-10779-7
The 'Encryption Level' option for the Remote Desktop Services 'Set client connection encryption level' setting should be configured correctly.

CCE-9215-5
The 'Create a token object' user right should be assigned to the appropriate accounts.

CCE-10103-0
The 'Always prompt for password upon connection' setting should be configured correctly.

CCE-9406-0
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-8813-8
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-9189-2
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

CCE-8475-6
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

CCE-9768-3
The 'Network security: LDAP client signing requirements' setting should be configured correctly.

CCE-8945-8
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-9096-9
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

CCE-9265-0
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

CCE-9432-6
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

CCE-9417-7
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts.

CCE-10154-3
The 'Do not process the run once list' setting should be configured correctly.

CCE-8732-0
The 'Replace a process level token' user right should be assigned to the appropriate accounts.

CCE-9707-1
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

CCE-9156-1
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

CCE-9386-4
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.

CCE-10608-8
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-9239-5
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-9254-4
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

CCE-8513-4
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

CCE-9375-7
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

CCE-9503-4
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-9121-5
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

CCE-9518-2
The 'Do not allow drive redirection' setting should be configured correctly.

CCE-10181-6
The 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly.

CCE-9616-4
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

CCE-9458-1
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

CCE-9345-0
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

CCE-8541-5
The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly.

CCE-9199-1
The 'Accounts: Administrator account status' setting should be configured correctly.

CCE-9307-0
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly.

CCE-9556-2
The 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly.

CCE-8884-9
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.

CCE-9786-5
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-8431-9
The 'Create global objects' user right should be assigned to the appropriate accounts.

CCE-9461-5
The 'Log on as a service' user right should be assigned to the appropriate accounts.

CCE-9251-0
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.

CCE-9274-2
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-8811-2
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-9400-3
The 'Reset account lockout counter after' setting should be configured correctly.

CCE-8917-7
The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly.

CCE-9858-2
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-9149-6
The 'Modify an object label' user right should be assigned to the appropriate accounts.

CCE-9357-5
The 'Minimum password length' setting should be configured correctly.

CCE-9395-5
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-8591-0
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-9308-8
The 'Account lockout duration' setting should be configured correctly.

CCE-8868-2
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

CCE-10156-8
The 'Maximum Log Size (KB)' setting should be configured correctly for the system log.

CCE-9593-5
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile.

CCE-8807-0
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-9532-3
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

CCE-8467-3
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

CCE-9967-1
This definition tests the the maximum allowed size of the security log is at least as big as the supplied value.

CCE-9736-0
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-9021-7
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-10753-2
The 'Maximum ticket time (value)' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-9067-0
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-9603-2
The 'Maximum Log Size (KB)' setting should be configured correctly for the application log.

CCE-9407-8
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

CCE-9774-1
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.

CCE-9358-3
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-9396-3
The 'Restrictions for Unauthenticated RPC clients' setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_7
*XCCDF
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_7
OVAL    165
oval:gov.nist.usgcb.windowsseven:def:43
oval:gov.nist.usgcb.windowsseven:def:46
oval:gov.nist.usgcb.windowsseven:def:40
oval:gov.nist.usgcb.windowsseven:def:41
...

© SecPod Technologies