[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-2267-3
Auditing of "IPsec Extended Mode" events on failure should be enabled or disabled as appropriate.

CCE-2318-4
The "Network access: Allow anonymous SID/Name translation" setting should be configured correctly.

CCE-1926-5
Auditing of "Directory Service Access" events on failure should be enabled or disabled as appropriate.

CCE-2111-3
The "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting should be configured correctly.

CCE-2473-7
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.

CCE-1553-7
The "Recovery console: Allow floppy copy and access to all drives and all folders" setting should be configured correctly.

CCE-2256-6
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

CCE-2049-5
The "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly.

CCE-1826-7
The "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" setting should be configured correctly.

CCE-1346-6
The "Impersonate a client after authentication" setting should be configured correctly.

CCE-2509-8
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.

CCE-2487-7
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ...

CCE-2320-0
The "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" setting should be configured correctly.

CCE-8568-8
The "Enumerate administrator accounts on elevation" setting should be enabled or disabled as appropriate.

CCE-7643-0
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ...

CCE-2607-0
The "Retention method for system log" setting should be configured correctly.

CCE-1836-6
The "Retention method for security log" setting should be configured correctly.

CCE-1390-4
The "Devices: Restrict CD-ROM access to locally logged-on user only" setting should be configured correctly.

CCE-2156-8
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-2266-5
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.

CCE-2289-7
The "Store passwords using reversible encryption" setting should be configured correctly.

CCE-2399-4
The "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" setting should be configured correctly.

CCE-1934-9
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly.

CCE-2451-3
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

CCE-1967-9
The "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting should be configured correctly.

CCE-1944-8
The "Deny log on as a service (SeDenyServiceLogonRight)" setting should be configured correctly.

CCE-1678-2
Auditing of "Other Account Logon Events" events on success should be enabled or disabled as appropriate.

CCE-1834-1
The "Deny log on as a batch job (SeDenyBatchLogonRight)" setting should be configured correctly.

CCE-2237-6
The "Enforce password history" setting should be configured correctly.

CCE-2442-2
The "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" setting should be configured correctly.

CCE-1868-9
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-2226-9
The "Create global objects (SeCreateGlobalPrivilege)" setting should be configured correctly.

CCE-2257-4
The "Modify firmware environment values (SeSystemEnvironmentPrivilege)" setting should be configured correctly.

CCE-2113-9
The "Profile system performance (SeSystemProfilePrivilege)" setting should be configured correctly.

CCE-2004-0
The "Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)" setting should be configured correctly.

CCE-2410-9
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" setting should be configured correctly.

CCE-1491-0
The "Create a token object (SeCreateTokenPrivilege)" setting should be configured correctly.

CCE-2102-2
The "Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight)" setting should be configured correctly.

CCE-1328-4
The "Create a pagefile (SeCreatePagefilePrivilege)" setting should be configured correctly.

CCE-2200-4
The "Maximum password age" setting should be configured correctly.

CCE-2421-6
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

CCE-7893-1
Disable saving of dial-up passwords should be properly configured.

CCE-2478-6
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ...

CCE-1843-2
The "Manage auditing and security log (SeSecurityPrivilege)" setting should be configured correctly.

CCE-2126-1
The "Password must meet complexity requirements" setting should be configured correctly.

CCE-2447-1
The "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" setting should be configured correctly.

CCE-8178-6
The "Disable remote Desktop Sharing" setting should be enabled or disabled as appropriate.

CCE-1470-4
The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly.

CCE-2270-7
The "Log on as a service (SeServiceLogonRight)" setting should be configured correctly.

CCE-2424-0
The "MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.

CCE-2314-3
The "Deny access to this computer from the network (SeDenyNetworkLogonRight)" setting should be configured correctly.

CCE-1975-2
The "Log on as a batch job (SeBatchLogonRight)" setting should be configured correctly.

CCE-2302-8
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.

CCE-1841-6
Auditing of "Security System Extension" events on success should be enabled or disabled as appropriate.

CCE-2434-9
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

CCE-2260-8
Auditing of "IPsec Main Mode" events on success should be enabled or disabled as appropriate.

CCE-2075-0
The "Access this computer from the network (SeNetworkLogonRight)" setting should be configured correctly.

CCE-2381-2
The "Microsoft network server: Digitally sign communications (always)" setting should be configured correctly.

CCE-2403-4
The "Shutdown: Allow system to be shut down without having to log on" setting should be configured correctly.

CCE-2328-3
The "Increase scheduling priority (SeIncreaseBasePriorityPrivilege)" setting should be configured correctly.

CCE-2129-5
The "Generate security audits (SeAuditPrivilege)" setting should be configured correctly.

CCE-1460-5
The "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" setting should be configured correctly.

CCE-2500-7
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.

CCE-2183-2
The "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" setting should be configured correctly.

CCE-7639-8
The default behavior for AutoRun should be properly configured.

CCE-2360-6
The "Profile single process (SeProfileSingleProcessPrivilege)" setting should be configured correctly.

CCE-2383-8
The "Devices: Restrict floppy access to locally logged-on user only" setting should be configured correctly.

CCE-2307-7
The "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" setting should be configured correctly.

CCE-1861-4
The "Minimum password age" setting should be configured correctly.

CCE-2416-6
The "Shutdown: Clear virtual memory pagefile" setting should be configured correctly.

CCE-2240-0
The "Minimum password length" setting should be configured correctly.

CCE-2286-3
The "Allow log on locally" setting should be configured correctly.

CCE-2078-4
The "Shut down the system (SeShutdownPrivilege)" setting should be configured correctly.

CCE-2142-8
The "Modify an object label" setting should be configured correctly.

CCE-2382-0
The "Remove computer from docking station (SeUndockPrivilege)" setting should be configured correctly.

CCE-1819-2
The "Retention method for application log" setting should be configured correctly.

CCE-2298-8
The "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting should be configured correctly.

CCE-2306-9
The "Increase a process working set" setting should be configured correctly.

CCE-1751-7
The "Audit: Audit the access of global system objects" setting should be configured correctly.

CCE-2241-8
The "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" setting should be configured correctly.

CCE-2079-2
The "Act as part of the operating system (SeTcbPrivilege)" setting should be configured correctly.

CCE-1773-1
The "Audit: Audit the use of Backup and Restore privilege" setting should be configured correctly.

CCE-2539-5
The application log maximum size should be configured correctly.

CCE-2309-3
The "Recovery console: Allow automatic administrative logon" setting should be configured correctly.

CCE-1750-9
The "Force shutdown from a remote system (SeRemoteShutdownPrivilege)" setting should be configured correctly.

CCE-7636-4
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-5229-0
The "MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing)" setting should be configured correctly.

CCE-2361-4
The "Network access: Restrict anonymous access to Named Pipes and Shares" setting should be configured correctly.

CCE-2308-5
The "Allow log on through Terminal Services (SeRemoteInteractiveLogonRight)" setting should be configured correctly.

CCE-2319-2
The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.

CCE-2285-5
The "Bypass traverse checking (SeChangeNotifyPrivilege)" setting should be configured correctly.

CCE-2262-4
The system log maximum size should be configured correctly.

CCE-2409-1
Auditing of "IPsec Main Mode" events on failure should be enabled or disabled as appropriate.

CCE-2002-4
Auditing of "Process Creation" events on success should be enabled or disabled as appropriate.

CCE-1718-6
Auditing of "Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-2616-1
Auditing of "Logoff" events on failure should be enabled or disabled as appropriate.

CCE-2485-1
Auditing of "Other Account Management Events" events on success should be enabled or disabled as appropriate.

CCE-2518-9
Auditing of "Process Termination" events on success should be enabled or disabled as appropriate.

CCE-2560-1
Auditing of "Security Group Management" events on failure should be enabled or disabled as appropriate.

CCE-2375-4
Auditing of "Process Creation" events on failure should be enabled or disabled as appropriate.

CCE-2583-3
Auditing of "Other Object Access Events" events on failure should be enabled or disabled as appropriate.

CCE-2605-4
Auditing of "Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-2570-0
Auditing of "Authorization Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2408-3
Auditing of "Handle Manipulation" events on success should be enabled or disabled as appropriate.

CCE-2386-1
Auditing of "Other Privilege Use Events" events on success should be enabled or disabled as appropriate.

CCE-2615-3
Auditing of "Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.

CCE-2351-5
Auditing of "IPsec Driver" events on failure should be enabled or disabled as appropriate.

CCE-2582-5
Auditing of "Audit directory service access" events on failure should be enabled or disabled as appropriate.

CCE-2604-7
Auditing of "DPAPI Activity" events on failure should be enabled or disabled as appropriate.

CCE-2268-1
Auditing of "Audit policy change" events on sucess should be enabled or disabled as appropriate.

CCE-2464-6
Auditing of "MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.

CCE-1837-4
Auditing of "Audit system events" events on sucess should be enabled or disabled as appropriate.

CCE-2389-5
Auditing of "Process Termination" events on failure should be enabled or disabled as appropriate.

CCE-2441-4
Auditing of "Logon" events on success should be enabled or disabled as appropriate.

CCE-2498-4
Auditing of "RPC Events" events on failure should be enabled or disabled as appropriate.

CCE-2265-7
Auditing of "Audit privilege use" events on failure should be enabled or disabled as appropriate.

CCE-2288-9
Auditing of "Computer Account Management" events on success should be enabled or disabled as appropriate.

CCE-2242-6
Auditing of "Audit logon events" events on sucess should be enabled or disabled as appropriate.

CCE-2463-8
Auditing of "������������Credential Validation" events on success should be enabled or disabled as appropriate.

CCE-2110-5
Auditing of "Account Lockout" events on success should be enabled or disabled as appropriate.

CCE-1642-8
Auditing of "Distribution Group Management" events on success should be enabled or disabled as appropriate.

CCE-1968-7
Auditing of "Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate.

CCE-2440-6
Auditing of "System Integrity" events on failure should be enabled or disabled as appropriate.

CCE-2353-1
Auditing of "MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2489-3
Auditing of "Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-2029-7
The "Microsoft network server: Disconnect clients when logon hours expire" setting should be configured correctly.

CCE-2368-9
Auditing of "Application Generated" events on success should be enabled or disabled as appropriate.

CCE-2575-9
Auditing of "Network Policy Server" events on failure should be enabled or disabled as appropriate.

CCE-2443-0
Auditing of "Security Group Management" events on success should be enabled or disabled as appropriate.

CCE-1800-2
The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly.

CCE-2454-7
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-2564-3
Auditing of "Other Account Logon Events" events on failure should be enabled or disabled as appropriate.

CCE-2104-8
Auditing of "Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-2488-5
Auditing of "File System" events on failure should be enabled or disabled as appropriate.

CCE-2367-1
Auditing of "Directory Service Access" events on success should be enabled or disabled as appropriate.

CCE-2465-3
Auditing of "SAM" events on success should be enabled or disabled as appropriate.

CCE-1759-0
Auditing of "Other Policy Change Events" events on failure should be enabled or disabled as appropriate.

CCE-1448-0
The "Interactive logon: Smart card removal behavior" setting should be configured correctly.

CCE-2586-6
Auditing of "Kerberos Authentication Service" events on success should be enabled or disabled as appropriate.

CCE-2608-8
Auditing of "IPsec Driver" events on success should be enabled or disabled as appropriate.

CCE-2445-5
Auditing of "Directory Service Changes" events on failure should be enabled or disabled as appropriate.

CCE-2468-7
Auditing of "Application Group Management" events on success should be enabled or disabled as appropriate.

CCE-2136-0
Auditing of "Audit object access" events on sucess should be enabled or disabled as appropriate.

CCE-2531-2
Auditing of "File System" events on success should be enabled or disabled as appropriate.

CCE-2269-9
Auditing of "Audit Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2358-0
Auditing of "Certification Services" events on failure should be enabled or disabled as appropriate.

CCE-2566-8
Auditing of "Authentication Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2433-1
Auditing of "Audit Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2553-6
Auditing of "Registry" events on success should be enabled or disabled as appropriate.

CCE-2346-5
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-1889-5
Auditing of "Account Lockout" events on failure should be enabled or disabled as appropriate.

CCE-2542-9
Auditing of "Application Group Management" events on failure should be enabled or disabled as appropriate.

CCE-2195-6
Auditing of "Kernel Object" events on failure should be enabled or disabled as appropriate.

CCE-2522-1
Auditing of "DPAPI Activity" events on success should be enabled or disabled as appropriate.

CCE-2556-9
Auditing of "Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-2349-9
Auditing of "Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-2545-2
Auditing of "Security System Extension" events on failure should be enabled or disabled as appropriate.

CCE-2064-4
Auditing of "IPsec Quick Mode" events on success should be enabled or disabled as appropriate.

CCE-2348-1
Auditing of "System Integrity" events on success should be enabled or disabled as appropriate.

CCE-2411-7
Auditing of "User Account Management" events on failure should be enabled or disabled as appropriate.

CCE-2544-5
Auditing of "RPC Events" events on success should be enabled or disabled as appropriate.

CCE-8594-4
The "Enforce user logon restrictions" policy should be set correctly.

CCE-2193-1
Auditing of "Other System Events" events on failure should be enabled or disabled as appropriate.

CCE-1961-2
Auditing of "SAM" events on failure should be enabled or disabled as appropriate.

CCE-2558-5
Auditing of "Special Logon" events on failure should be enabled or disabled as appropriate.

CCE-2291-3
This security policy setting determines whether the operating system generates security audit events for Kerberos service ticket requests. Events are generated every time Kerberos is used to authenticate a user to access a protected network resource. Kerberos service ticket operation audit events ca ...

CCE-2610-4
Auditing of "Special Logon" events on success should be enabled or disabled as appropriate.

CCE-2414-1
Auditing of "Security State Change" events on success should be enabled or disabled as appropriate.

CCE-2437-2
Auditing of "Filtering Platform Connection" events on failure should be enabled or disabled as appropriate.

CCE-2095-8
Auditing of "Certification Services" events on success should be enabled or disabled as appropriate.

CCE-2490-1
Auditing of "Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2622-9
Auditing of "Application Generated" events on failure should be enabled or disabled as appropriate.

CCE-5263-9
The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.

CCE-2402-6
Auditing of "File Share" events on failure should be enabled or disabled as appropriate.

CCE-2448-9
Auditing of "Security State Change" events on failure should be enabled or disabled as appropriate.

CCE-2534-6
Auditing of "Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-2062-8
Auditing of "Other Account Management Events" events on failure should be enabled or disabled as appropriate.

CCE-2292-1
Auditing of "Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate.

CCE-2459-6
Auditing of "Authorization Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2205-3
Auditing of "Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-2511-4
Auditing of "Kerberos Authentication Service" events on failure should be enabled or disabled as appropriate.

CCE-2569-2
Auditing of "Logoff" events on success should be enabled or disabled as appropriate.

CCE-8572-0
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate.

CCE-2405-9
This subcategory reports generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory include: - 4769: A Kerberos service ticket was requested. - 4770: A Kerberos service ticket was renewed. - 4773: A Kerberos servi ...

CCE-2503-1
Auditing of "Handle Manipulation" events on failure should be enabled or disabled as appropriate.

CCE-2297-0
The "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting should be configured correctly.

CCE-2251-7
Auditing of "Audit account logon events" events on sucess should be enabled or disabled as appropriate.

CCE-2635-1
Auditing of "Directory Service Changes" events on success should be enabled or disabled as appropriate.

CCE-8125-7
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-2394-5
Auditing of "User Account Management" events on success should be enabled or disabled as appropriate.

CCE-2371-3
Auditing of "Other Privilege Use Events" events on failure should be enabled or disabled as appropriate.

CCE-2601-3
Auditing of "File Share" events on success should be enabled or disabled as appropriate.

CCE-2404-2
The "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting should be configured correctly.

CCE-2022-2
Auditing of "Other System Events" events on success should be enabled or disabled as appropriate.

CCE-2536-1
Auditing of "IPsec Quick Mode" events on failure should be enabled or disabled as appropriate.

CCE-2415-8
Auditing of "Computer Account Management" events on failure should be enabled or disabled as appropriate.

CCE-2033-9
Auditing of "Other Object Access Events" events on success should be enabled or disabled as appropriate.

CCE-1939-8
Auditing of "Audit system events" events on failure should be enabled or disabled as appropriate.

CCE-2151-9
Auditing of "Authentication Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2505-6
Auditing of "Registry" events on failure should be enabled or disabled as appropriate.

CCE-2385-3
Auditing of "Other Policy Change Events" events on success should be enabled or disabled as appropriate.

CCE-2614-6
Auditing of "Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2516-3
Auditing of "������������Credential Validation" events on failure should be enabled or disabled as appropriate.

CCE-2350-7
Auditing of "IPsec Extended Mode" events on success should be enabled or disabled as appropriate.

CCE-2373-9
Auditing of "Network Policy Server" events on success should be enabled or disabled as appropriate.

CCE-2504-9
Auditing of "Filtering Platform Connection" events on success should be enabled or disabled as appropriate.

CCE-2384-6
The "MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" setting should be configured correctly.

CCE-2406-7
The "Network access: Sharing and security model for local accounts" setting should be configured correctly.

CCE-2538-7
Auditing of "Audit account management" events on failure should be enabled or disabled as appropriate.

CCE-2482-8
Auditing of "Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.

CCE-2273-1
Auditing of "Distribution Group Management" events on failure should be enabled or disabled as appropriate.

CCE-7658-8
Authentication requirements for RPC clients should be configured appropriately.

CCE-2417-4
Auditing of "Kernel Object" events on success should be enabled or disabled as appropriate.

CCE-2470-3
Auditing of "Logon" events on failure should be enabled or disabled as appropriate.

CCE-2474-5
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most co ...

CCE-2355-6
The "User Account Control: Behavior of the elevation prompt for standard users" setting should be configured correctly.

CCE-2432-3
The "Network security: Force logoff when logon hours expire" setting should be configured correctly.

CCE-1481-1
The "Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege)" setting should be configured correctly.

CCE-2294-7
The "Restore files and directories (SeRestorePrivilege)" setting should be configured correctly.

CCE-2304-4
The "Network security: Do not store LAN Manager hash value on next password change" setting should be configured correctly.

CCE-1341-7
The "Create permanent shared objects" setting should be configured correctly.

CCE-2296-2
The "Deny log on locally (SeDenyInteractiveLogonRight)" setting should be configured correctly.

CCE-2507-2
The "Network access: Shares that can be accessed anonymously" setting should be configured correctly.

CCE-2278-0
The "Domain member: Maximum machine account password age" setting should be configured correctly.

CCE-2340-8
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.

CCE-2276-4
The "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" setting should be configured correctly.

CCE-1802-8
The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly.

CCE-2331-7
The "Interactive logon: Do not require CTRL+ALT+DEL" setting should be configured correctly.

CCE-1521-4
The "Network access: Remotely accessible registry paths" setting should be configured correctly.

CCE-1824-2
The "Network access: Let Everyone permissions apply to anonymous users" setting should be configured correctly.

CCE-2356-4
The "Microsoft network client: Digitally sign communications (always)" setting should be configured correctly.

CCE-2203-8
The "Domain member: Digitally encrypt or sign secure channel data (always)" setting should be configured correctly.

CCE-2378-8
The "Microsoft network client: Digitally sign communications (if server agrees)" setting should be configured correctly.

CCE-2324-2
The "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly.

CCE-1767-3
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" setting should be configured correctly.

CCE-1962-0
The "Network access: Do not allow anonymous enumeration of SAM accounts" setting should be configured correctly.

CCE-2263-2
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-2362-2
The "Domain member: Digitally sign secure channel data (when possible)" setting should be configured correctly.

CCE-2429-9
The "System objects: Require case insensitivity for non-Windows subsystems" setting should be configured correctly.

CCE-2089-1
The "Network access: Named Pipes that can be accessed anonymously" setting should be configured correctly.

CCE-2236-8
The "Microsoft network server: Amount of idle time required before suspending session" setting should be configured correctly.

CCE-2357-2
The "Network access: Remotely accessible registry paths and sub paths" setting should be configured correctly.

CCE-2327-5
The "Network security: LDAP client signing requirements" setting should be configured correctly.

CCE-2272-3
The "Microsoft network client: Send unencrypted password to third-party SMB servers" setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_server_2008:-
*XCCDF
xccdf_org.secpod_benchmark_hipaa_windows_2k8_server
OVAL    244
oval:org.secpod.oval:def:8603
oval:org.secpod.oval:def:8604
oval:org.secpod.oval:def:8600
oval:org.secpod.oval:def:8608
...

© SecPod Technologies