The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.
(1) enabled/disabled
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching
CCE-612
prohibit_non_administrators_install_signed_updates
oval:gov.nist.fdcc.xp:def:6122
oval:gov.nist.usgcb.xp:def:6122
BITS Shared Assessments SIG v6.0
Jericho Forum
HIPAA/HITECH Act
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005
COBIT 4.1
GAPP (Aug 2009)
NERC CIP
NIST SP800-53 R3 AC-6
NIST SP800-53 R3 CM-5
PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0
CCE Version 4.2
2008-02-15
FDCC: Guidance for Securing Microsoft Windows XP Systems for IT Professional (XCCDF Benchmark)
NIST
2008-01-10
XCCDF
FDCC: Guidance for Securing Microsoft Windows XP Systems for IT Professional (OVAL Definitions)
NIST
2008-01-10
OVAL
SCAP Repo OVAL Definition
2012-04-13
BITS Shared Assessments SIG v6.0
2012-10-12
Jericho Forum
2012-10-12
HIPAA/HITECH Act
2012-10-12
ISO/IEC 27001-2005
2012-10-12
COBIT 4.1
2012-10-12
GAPP (Aug 2009)
2012-10-12
NERC CIP
2012-10-12
NIST SP800-53 R3
2012-10-12
PCIDSS v2.0
2012-10-12
BITS Shared Assessments AUP v5.0
2012-10-12