[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-21792-7
The "Prohibit non-administrators from applying vendor signed updates" machine setting should be configured correctly.

CCE-21789-3
Prevent Internet Explorer security prompt for Windows Installer scripts

CCE-22206-7
Auditing of "Object Access: Other Object Access Events" events on failure should be enabled or disabled as appropriate.

CCE-22873-4
The "Prohibit installation and configuration of Network Bridge on your DNS domain network" machine setting should be configured correctly.

CCE-22850-2
Set the default behavior for AutoRun

CCE-21820-6
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

CCE-22666-2
The 'Do not process the run once list' setting should be configured correctly.

CCE-22436-0
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-22798-3
Auditing of "Policy Change: Other Policy Change Events" events on failure should be enabled or disabled as appropriate.

CCE-21591-3
The "Do not send additional data" setting should be configured correctly.

CCE-22184-6
Auditing of "Object Access: Kernel Object" events on success should be enabled or disabled as appropriate.

CCE-22447-7
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-22632-4
Specify the maximum log file size (KB)

CCE-22150-7
The "Turn off Autoplay for non-volume devices" setting should be configured correctly.

CCE-23454-2
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.

CCE-22906-2
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.

CCE-23017-7
Windows Firewall: Public: Logging: Log dropped packets

CCE-23180-3
Windows Firewall: Private: Outbound connections

CCE-21831-3
The "Turn Off the Display (Plugged In)" machine setting should be configured correctly.

CCE-21504-6
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

CCE-23104-3
Turn off the "Order Prints" picture task

CCE-22349-5
The "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" setting should be configured correctly.

CCE-22294-3
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-22534-2
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-23127-4
The "Always prompt for password upon connection" machine setting should be configured correctly.

CCE-22303-2
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

CCE-21635-8
The "Require a Password When a Computer Wakes (Plugged In)" machine setting should be configured correctly.

CCE-22786-8
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.

CCE-22437-8
Auditing of "Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-21844-6
Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate.

CCE-23007-8
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

CCE-23192-8
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.

CCE-21999-8
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-23442-7
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

CCE-22183-8
The "Turn off downloading of print drivers over HTTP" machine setting should be configured correctly.

CCE-22905-4
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-23181-1
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.

CCE-22402-2
The 'Account lockout duration' setting should be configured correctly.

CCE-22097-0
The "Accounts: Rename administrator account" setting should be configured correctly.

CCE-23597-8
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

CCE-21855-2
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-22993-0
Windows Firewall: Public: Allow unicast response

CCE-22558-1
Auditing of "Object Access: Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.

CCE-21394-2
The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate.

CCE-22204-2
Auditing of "Policy Change: Authorization Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-23193-6
The "Devices: Allowed to format and eject removable media" setting should be configured correctly.

CCE-23336-1
Auditing of "Account Management: Application Group Management" events on failure should be enabled or disabled as appropriate.

CCE-21152-4
Configure Offer Remote Assistance

CCE-22182-0
The "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" machine setting should be configured correctly.

CCE-22129-1
The "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" machine setting should be configured correctly.

CCE-22359-4
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

CCE-22909-6
The "Enforce password history" setting should be configured correctly.

CCE-22589-6
Set 6to4 State

CCE-21810-7
Windows Firewall: Domain: Logging: Log successful connections

CCE-22630-8
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-21627-5
The "Allow Standby States (S1-S3) When Sleeping (On Battery)" machine setting should be configured correctly.

CCE-22886-6
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

CCE-22676-1
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-22863-5
Enable RPC Endpoint Mapper Client Authentication

CCE-22096-2
The "No auto-restart with logged on users for scheduled automatic updates installations" machine setting should be configured correctly.

CCE-22950-0
The "Shutdown: Clear virtual memory pagefile" setting should be configured correctly.

CCE-22578-9
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-22324-8
Windows Firewall: Domain: Outbound connections

CCE-22973-2
The "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" setting should be configured correctly.

CCE-22688-6
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

CCE-23314-8
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

CCE-21516-0
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-22060-8
The "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" setting should be configured correctly.

CCE-22458-4
Windows Firewall: Domain: Logging: Size limit (KB)

CCE-22960-9
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

CCE-21471-8
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-22181-2
Windows Firewall: Public: Outbound connections

CCE-22567-2
The "Password must meet complexity requirements" setting should be configured correctly.

CCE-23062-3
The "Turn off the Windows Messenger Customer Experience Improvement Program" machine setting should be configured correctly.

CCE-22469-1
The 'Modify an object label' user right should be assigned to the appropriate accounts.

CCE-21396-7
The "Require domain users to elevate when setting a network's location" machine setting should be configured correctly.

CCE-21460-1
Windows Firewall: Private: Logging: Name

CCE-23096-1
Auditing of "Account Management: Distribution Group Management" events on failure should be enabled or disabled as appropriate.

CCE-23073-0
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-22291-9
The "Change the time zone" user right should be assigned to the appropriate accounts.

CCE-22787-6
The 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' setting should be configured correctly.

CCE-21736-4
Control Event Log behavior when the log file reaches its maximum size

CCE-21638-2
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-21921-2
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-22624-1
Auditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-21617-6
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

CCE-21801-6
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-22854-4
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-22877-5
Windows Firewall: Private: Display a notification

CCE-23522-6
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-21910-5
The "Store passwords using reversible encryption" setting should be configured correctly.

CCE-21726-5
Auditing of "Object Access: Certification Services" events on failure should be enabled or disabled as appropriate.

CCE-21956-8
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-21703-4
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-22319-8
The 'Allow Remote Shell Access' setting should be configured correctly.

CCE-23447-6
Windows Firewall: Private: Logging: Size limit (KB)

CCE-23036-7
Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate.

CCE-22428-7
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-21629-1
Allow user control over installs

CCE-21399-1
The "Accounts: Rename guest account" setting should be configured correctly.

CCE-23100-1
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

CCE-22405-5
The "Microsoft network client: Send unencrypted password to third-party SMB servers" setting should be configured correctly.

CCE-21968-3
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-22481-6
The "Turn off Registration if URL connection is referring to Microsoft.com" machine setting should be configured correctly.

CCE-21714-1
Windows Firewall: Private: Firewall state

CCE-22538-3
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

CCE-22141-6
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

CCE-22187-9
The "Prohibit Access of the Windows Connect Now wizards" machine setting should be configured correctly.

CCE-22350-3
Enable indexing uncached Exchange folders

CCE-22876-7
Auditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate.

CCE-23521-8
Windows Firewall: Domain: Logging: Name

CCE-23158-9
The "Set time limit for active but idle Remote Desktop Services sessions" machine setting should be configured correctly.

CCE-22285-1
The 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' setting should be configured correctly.

CCE-23400-5
The 'Network security: LDAP client signing requirements' setting should be configured correctly.

CCE-22592-0
The 'Maximum password age' setting should be configured correctly.

CCE-22384-2
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-21791-9
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-23578-8
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

CCE-21836-2
The "Do not use temporary folders per session" machine setting should be configured correctly.

CCE-23124-1
The 'Turn off Data Execution Prevention for Explorer' setting should be configured correctly.

CCE-22637-3
Control Event Log behavior when the log file reaches its maximum size

CCE-22539-1
The 'Turn off printing over HTTP' setting should be configured correctly.

CCE-23090-4
Windows Firewall: Domain: Firewall state

CCE-22130-9
The "Prevent Automatic Updates" machine setting should be configured correctly.

CCE-21826-3
Windows Firewall: Private: Inbound connections

CCE-22438-6
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

CCE-23257-9
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

CCE-22042-6
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly.

CCE-23566-3
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

CCE-21453-6
The "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting should be configured correctly.

CCE-23159-7
The "Turn off Automatic Root Certificates Update" machine setting should be configured correctly.

CCE-21660-6
The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly.

CCE-22491-5
The "Turn off Microsoft Peer-to-Peer Networking Services" machine setting should be configured correctly.

CCE-22381-8
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.

CCE-22152-3
The 'Turn off Internet download for Web publishing and online ordering wizards' setting should be configured correctly.

CCE-21671-3
The 'Account lockout threshold' setting should be configured correctly.

CCE-22977-3
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.

CCE-22723-1
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

CCE-23641-4
The "Turn off handwriting recognition error reporting" machine setting should be configured correctly.

CCE-23028-4
Auditing of "System: Other System Events" events on success should be enabled or disabled as appropriate.

CCE-23258-7
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

CCE-23565-5
Auditing of "Object Access: Application Generated" events on success should be enabled or disabled as appropriate.

CCE-22548-2
The "Accounts: Guest account status" setting should be configured correctly.

CCE-22964-1
Configure registry policy processing

CCE-21562-4
The "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting should be configured correctly.

CCE-23201-7
Windows Firewall: Domain: Allow unicast response

CCE-22658-9
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

CCE-22843-7
Auditing of "Audit object access" events on sucess should be enabled or disabled as appropriate.

CCE-23103-5
The "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" setting should be configured correctly.

CCE-22976-5
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

CCE-21256-3
Windows Firewall: Private: Logging: Log dropped packets

CCE-23549-9
The "Network security: Force logoff when logon hours expire" setting should be configured correctly.

CCE-23021-9
Restrict Unauthenticated RPC clients

CCE-22267-9
Windows Firewall: Public: Logging: Name

CCE-21432-0
The 'Create global objects' user right should be assigned to the appropriate accounts.

CCE-21707-5
The "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" machine setting should be configured correctly.

CCE-23251-2
Set Teredo State

CCE-21248-0
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-21530-1
Windows Firewall: Public: Logging: Log successful connections

CCE-21990-7
The 'Change the system time' user right should be assigned to the appropriate accounts.

CCE-21816-4
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-22617-5
The "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" setting should be configured correctly.

CCE-22921-1
The "Minimum password length" setting should be configured correctly.

CCE-21696-0
The "Do not allow passwords to be saved" machine setting should be configured correctly.

CCE-21892-5
The "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly.

CCE-22210-9
Auditing of "Policy Change: Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-21949-3
Turn off the "Publish to Web" task for files and folders

CCE-23240-5
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-22748-8
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" setting should be configured correctly.

CCE-22519-3
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-21771-1
The "Always use classic logon" machine setting should be configured correctly.

CCE-22387-5
Windows Firewall: Domain: Inbound connections

CCE-22331-3
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-21927-9
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-22243-0
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

CCE-22168-9
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-22966-6
The "Configure minimum PIN length for startup" machine setting should be configured correctly.

CCE-21761-2
The "Disable Logging" setting should be configured correctly.

CCE-23120-9
Windows Firewall: Private: Logging: Log successful connections

CCE-21719-0
The "Do not send a Windows error report when a generic driver is installed on a device" machine setting should be configured correctly.

CCE-23241-3
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

CCE-23264-5
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-22157-2
The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly.

CCE-22351-1
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

CCE-23253-8
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

CCE-22890-8
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-21785-1
The "Turn off Search Companion content file updates" machine setting should be configured correctly.

CCE-22581-3
Specify the maximum log file size (KB)

CCE-21807-3
The "Turn on Responder (RSPNDR) driver" machine setting should be configured correctly.

CCE-23381-7
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

CCE-21883-4
The "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" machine setting should be configured correctly.

CCE-22242-2
Control Event Log behavior when the log file reaches its maximum size

CCE-22472-5
The 'Replace a process level token' user right should be assigned to the appropriate accounts.

CCE-21687-9
The 'Log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-22528-4
Specify the maximum log file size (KB)

CCE-22615-9
The "Interactive logon: Do not display last user name" setting should be configured correctly.

CCE-21359-5
Windows Firewall: Public: Firewall state

CCE-23558-0
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-21894-1
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

CCE-22460-0
Windows Firewall: Public: Logging: Size limit (KB)

CCE-21675-4
The "Enumerate administrator accounts on elevation" setting should be enabled or disabled as appropriate.

CCE-21905-5
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-22517-7
Windows Firewall: Public: Inbound connections

CCE-22156-4
Auditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate.

CCE-22166-3
The 'Create symbolic links' user right should be assigned to the appropriate accounts.

CCE-22859-3
Auditing of "Logon/Logoff: Account Lockout" events on success should be enabled or disabled as appropriate.

CCE-23133-2
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-22639-9
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

CCE-21740-6
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-21774-5
The 'Generate security audits' user right should be assigned to the appropriate accounts.

CCE-21895-8
The 'Profile single process' user right should be assigned to the appropriate accounts.

CCE-23391-6
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-22057-4
The "Turn off handwriting personalization data sharing" setting should be configured correctly.

CCE-23145-6
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts.

CCE-23058-1
The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly.

CCE-23289-2
Auditing of "Audit policy change" events on sucess should be enabled or disabled as appropriate.

CCE-22749-6
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-22386-7
The "Domain member: Digitally sign secure channel data (when possible)" setting should be configured correctly.

CCE-21982-4
The 'Debug programs' user right should be assigned to the appropriate accounts.

CCE-22082-2
The 'Create a token object' user right should be assigned to the appropriate accounts.

CCE-21534-3
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

CCE-22816-3
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-22541-7
The 'Reset account lockout counter after' setting should be configured correctly.

CCE-21994-9
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

CCE-22029-3
The "Prevent device metadata retrieval from the Internet" machine setting should be configured correctly.

CCE-22311-5
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-23063-1
The "Interactive logon: Require Domain Controller authentication to unlock workstation" setting should be configured correctly.

CCE-21621-8
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-21798-4
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.

CCE-23450-0
Windows Firewall: Domain: Display a notification

CCE-21546-7
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.

CCE-21523-6
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-22902-1
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-22466-7
The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly.

CCE-23327-0
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-22116-8
The "Always install with elevated privileges" machine setting should be configured correctly.

CCE-22553-2
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.

CCE-21391-8
The 'Shut down the system' user right should be assigned to the appropriate accounts.

CCE-22913-8
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

CCE-23218-1
The 'Log on as a service' user right should be assigned to the appropriate accounts.

CCE-21840-4
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-21788-5
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-21863-6
The "Microsoft network client: Digitally sign communications (if server agrees)" setting should be configured correctly.

CCE-22028-5
Windows Firewall: Public: Display a notification

CCE-22686-0
The "Route all traffic through the internal network" setting should be configured correctly.

CCE-22126-7
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.

CCE-21458-5
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

CCE-22565-6
Auditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate.

CCE-22421-2
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.

CCE-21545-9
Specify the maximum log file size (KB)

CCE-22577-1
Auditing of "Object Access: Filtering Platform Connection" events on failure should be enabled or disabled as appropriate.

CCE-23260-3
Configure Microsoft Active Protection Service Reporting

CCE-23604-2
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-22936-9
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-22916-1
The "Turn off Internet File Association service" machine setting should be configured correctly.

CCE-23088-8
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services.

CCE-21887-5
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

CCE-23317-1
Configure Solicited Remote Assistance

CCE-22453-5
The "Report when logon server was not available during user logon" machine setting should be configured correctly.

CCE-23505-1
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.

CCE-22585-4
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.

CCE-21766-1
Enable screen saver

CCE-22102-8
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-21996-4
Auditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate.

CCE-22378-4
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

CCE-22904-7
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

CCE-21525-1
Screen saver timeout

CCE-21875-0
The 'Prevent the computer from joining a homegroup' setting should be configured correctly.

CCE-23030-0
Windows Firewall: Domain: Logging: Log dropped packets

CCE-22320-6
The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly.

CCE-23261-1
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.

CCE-23076-3
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-23296-7
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

CCE-22915-3
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-23198-5
The 'Audit Credential Validation' setting should be configured correctly.

CCE-22829-6
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

CCE-21414-8
The 'Minimum password age' setting should be configured correctly.

CCE-22310-7
The "Turn off Windows Update device driver searching" machine setting should be configured correctly.

CCE-22124-2
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

CCE-22696-9
The "Turn on session logging" machine setting should be configured correctly.

CCE-22949-2
The "Turn Off the Display (On Battery)" machine setting should be configured correctly.

CCE-22003-8
Windows Firewall: Private: Allow unicast response

CCE-22465-9
Auditing of "Object Access: Handle Manipulation" events on failure should be enabled or disabled as appropriate.

CCE-23372-6
The "Turn on Mapper I/O (LLTDIO) driver" machine setting should be configured correctly.

CCE-22552-4
The "Network security: Do not store LAN Manager hash value on next password change" setting should be configured correctly.

CCE-22783-5
The "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" setting should be configured correctly.

CCE-21940-2
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-22575-5
The "Prevent Windows from sending an error report when a device driver requests additional software during installation" machine setting should be configured correctly.

CCE-21963-4
The "Password protect the screen saver" setting should be configured correctly for the default user.

CPE    1
cpe:/o:microsoft:windows_8
*XCCDF
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_8
OVAL    289
oval:org.secpod.oval:def:18093
oval:org.secpod.oval:def:18092
oval:org.secpod.oval:def:18117
oval:org.secpod.oval:def:18116
...

© 2013 SecPod Technologies