Windows XP/2000/2003 CIS: Mask Pi/GR

Document created by malderman on Aug 29, 2011. Last modified by malderman on Sep 10, 2011.
Version 2

CID                        Statement

1052                       Permissions set for the 'Allowed to format and eject removable media' setting (NTFS formatted devices)

1059                       Status of the 'Indexing Service'

1060                       Status of the 'Netmeeting Remote Desktop Sharing' service

1071                       Status of the 'Minimum Password Length' setting

1072                       Status of the 'Minimum Password Age' setting

1091                       Number of days prior to password expiry set for the warning to be displayed at login

1092                       Status of the 'Password Complexity Requirements' setting

1134                       Status of logon banner title settings (Legal Notice)

1149                       Status of the 'Microsoft network client: Digitally sign communications (always)' setting (SMB)

1150                       Status of the 'Devices: Unsigned Driver Installation Behavior' setting

1152                       Status of the 'Allow undock without having to logon' setting

1153                       Status of the 'Do not allow anonymous enumeration of SAM accounts and shares' setting

1154                       Status of the 'Network access: Do not allow storage of credentials or .NET passports for network authentication' setting

1155                       Status of the 'Number of Previous Logons to Cache' setting

1156                       Status of the 'Shut Down system immediately if unable to log security alerts/audit' setting

1157                       Status of the 'Alerter' service

1158                       Status of the 'Background Intelligent Transfer Service (BITS)' service

1160                       Status of the 'Windows Security Center' service

1161                       Status of the 'Fax' service

1162                       Status of the 'Restrict floppy access to locally logged-on user only' setting

1163                       Status of the 'Prevent users from installing printer drivers' setting

1164                       Status of the 'Do not store LAN Manager password hash value on next password change' setting

1165                       Status of the 'Remote desktop help session manager' setting

1166                       Status of the 'Suppress Dr. Watson Crash Dumps' setting

1167                       Status of the 'Disabled Automatic Execution of the System Debugger' setting

1168                       Status of the 'disabled autoplay for the default

1169                       Status of the 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting

1170                       Status of the 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)' setting

1171                       Status of the 'Remove administrative shares on workstation/server' setting

1172                       Status of the 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting

1173                       Status of the 'MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)' setting

1174                       Current status of the value set for 'maximum number of TCP Half-Open connections allowed' setting

1175                       Status of the 'SYN Attack protection – Manage TCP Maximum half-open retired sockets (TCPMaxHalfOpenRetried)' registry key setting

1176                       Status of the 'Devices: Restrict CD-ROM Access to Locally Logged-On User Only' setting

1177                       Status of the 'Enable IPSec to protect Kerberos RSVP Traffic' registry key setting

1178                       Status of the 'WebDAV basic authentication (SP 2 only)' registry key setting

1179                       Status of the 'USB Block Storage Device Policy' registry key setting

1180                       Status of the 'Simple Mail Transport Protocol (SMTP)' service

1181                       Status of the 'Simple Network Management Protocol (SNMP)' service

1182                       Status of the 'Simple Network Management Protocol (SNMP) trap' service

1183                       Status of the 'Turn off Autoplay' setting

1184                       Status of the 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting

1185                       Status of the 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting

1187                       Status of the 'Windows Messenger' service

1188                       Status of the 'System objects: Require case insensitivity for non-Windows subsystems' setting

1189                       Status of the 'Microsoft network server: Digitally sign communication (always)' setting (SMB)

1190                       Status of the 'Interactive Logon: Do Not Display Last User Name' setting

1191                       Status of the 'Remote Registry' service

1192                       Status of the 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' setting

1193                       Status of the 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting

1195                       Status of the 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (Only recommended for servers)' setting

1197                       Status of the 'Network access: Do not allow anonymous enumeration of SAM accounts' setting

1198                       Status of the 'Audit: Audit the use of backup and restore privilege' setting

1199                       Status of the 'Microsoft network server: Amount of Idle Time Required Before Suspending Session' setting

1200                       Status of the 'Domain Controller: Refuse machine account password changes' setting

1318                       Status of the 'Password History' setting

1356                       Maximum size of the Application Event Log (in bytes)

1357                       Status of the 'Prevent local guests group from accessing application log' setting

1358                       Status of the 'Retention Method for Application Log' setting

1360                       Maximum size of the Security Event Log (in bytes)

1361                       Status of the 'Prevent local guests group from accessing security log' setting

1362                       Status of the 'Retention Method for Security Log' setting

1363                       Maximum size of the System Event Log (in bytes)

1364                       Status of the 'Prevent local guests group from accessing system log' setting

1365                       Status of the 'Retention Method for System Log' setting

1366                       Status of the 'Accounts: Limit local account use of blank passwords to console logon only' setting

1367                       Status of the 'Audit: Audit the access global base objects' setting

1369                       Status of the 'Shutdown: Allow system to be shut down without having to log on' setting

1370                       Status of the 'Domain member: Digitally encrypt or sign secure channel data (always)' setting

1371                       Status of the 'Domain member: Digitally encrypt secure channel data (when possible)' setting

1372                       Status of the 'Domain member: Digitally sign secure channel data (when possible)' setting

1373                       Status of the 'Domain member: Disable machine account password changes' setting

1374                       Status of the 'Domain member: Maximum machine account password age' setting

1375                       Status of the 'Domain member: Require strong (Windows 2000 or later) session key' setting

1376                       Status of the 'Interactive Logon: Do not require CTRL+ALT+DELETE' setting

1377                       Status of the 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting

1378                       Status of the 'Interactive Logon: Smart Card Removal Behavior' setting

1379                       Status of the 'Microsoft network client: Digitally Sign Communications (if server agrees)' setting

1380                       Status of the 'Microsoft network client: Send Unencrypted Password to Connect to Third-Party SMB Server' setting

1381                       Status of the 'Microsoft network server: Digitally Sign Communications (if Client agrees)' setting

1382                       Status of the 'Microsoft Network Server: Disconnect clients when logon hours expire' setting

1383                       Status of the 'Network Access: Let Everyone permissions apply to anonymous users' setting

1384                       Status of the 'Network Access: Named Pipes that can be accessed anonymously' setting

1385                       Status of the 'Network Access: Shares that can be accessed anonymously' setting

1386                       Status of the 'Network Access: Sharing and security model for local accounts' setting

1387                       Status of the 'Network security: LAN Manager Authentication Level' setting

1388                       Status of the 'Network security: LDAP client signing requirements' setting

1389                       Status of the 'Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting

1390                       Status of the 'Minimum session security for NTLM SSP based (including secure RPC) servers' setting

1391                       Status of the 'Recovery Console: Allow Automatic Administrative Logon' setting

1392                       Status of the 'Recovery console: Allow floppy copy and access to all drives and all folders' setting

1393                       Status of the 'System objects: Default owner for objects created by members of the Administrators group' setting

1426                       Status of the 'System objects: Strengthen default permissions of internal system objects' setting

1427                       Status of the 'IIS Administrator' service

1428                       Status of the 'telnet' service

1429                       Status of the 'World Wide Web Publishing' service

1430                       Status of the 'Terminal Services' service

1431                       Status of the 'Domain controller: Allow server operators to schedule tasks' setting

1432                       Status of the 'Domain Controller: LDAP Server Signing Requirements' setting

1435                       Status of the 'Audit Account Logon Events' policy setting

1437                       Status of the 'Audit Account Management' policy settings

1440                       Status of the 'Audit of Directory Service Access' policy

1445                       Status of the 'MSS: (EnablePMTUDiscovery) Allow automatic detection of MTU size' setting

1446                       Status of the 'Audit Logon Events' settings

1448                       Status of the 'Audit Object Access' policy

1450                       Status of the 'Audit Policy Change' setting

1452                       Status of the 'Audit Privilege Use' setting

1453                       Status of the 'Audit Process Tracking' setting

1454                       Status of the 'Audit System Events' setting

1458                       Status of the 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting

1462                       Status of the 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended)' setting

1502                       Status of the 'Current Service Pack Version Installed'

1503                       Status of the 'CD Autorun' setting as defined within the 'HKLM\System\CurrentControlSet\Services\CDrom\Autorun (REG_DWORD)' registry key

1504                       Status of the 'Protect against computer browser spoofing attacks' setting

1505                       Status of the 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' registry key setting

1506                       Status of the 'DTC Access (SP2 only)' setting

1507                       Status of the 'Automatic Updates' service

1508                       Status of the 'Computer Browser' service

1509                       Status of the 'Netlogon' service

1510                       Status of the 'Routing and Remote Access' service

1511                       Status of the 'Task Scheduler' service

1512                       Status of the 'Universal Plug and Play Device Host (UPnP)' service

1513                       Status of the 'RPC Endpoint Mapper Client Authentication (SP2 only)' setting

1514                       Status of the 'Restrictions for Unauthenticated RPC clients' setting

1515                       Status of the 'Domain Profile: Protect all network connections (SP2 only)' setting

1516                       Status of the 'Domain Profile: Do not allow exceptions (SP2 only)' setting

1517                       Status of the 'Domain Profile: Allow local program exceptions' setting

1518                       Status of the 'Domain Profile: Allow remote administration exception' (SP2 only) setting

1519                       Status of the 'Domain Profile: Allow file and print sharing exceptions (SP2 only)' setting

1520                       Status of the 'Domain Profile: Allow ICMP Exceptions (SP2 only)' setting

1521                       Status of the 'Domain Profile: Allow Remote Desktop exceptions (SP2 only)' setting

1522                       Status of the 'Domain Profile: Allow UPnP framework exception (SP2 only)' setting

1523                       Status of the 'Domain Profile: Prohibit notifications' setting

1524                       Status of the 'Domain Profile: Log dropped packets (SP2 only)' setting

1525                       Status of the 'Domain Profile: Log file path and name (SP2 only)' setting

1526                       Status of the 'Domain Profile: Log File Size (SP2 only)' setting (Windows Firewall) (Guidance = At least 4096KB)

1527                       Status of the 'Domain Profile: Log Successful Connections (SP2 only)' setting (Windows Firewall)

1528                       Status of the 'Domain Profile: Prohibit Unicast Response to Multicast or Broadcast (SP2 only)' setting (Windows Firewall)

1529                       Status of the 'Domain Profile: Define Port Exceptions (SP2 only)' setting (Windows Firewall)

1530                       Status of the 'Domain Profile: Allow Local Port Exceptions (SP2 only)' setting (Windows Firewall)

1571                       Status of the 'Standard Profile: Protect all network connections (SP2 only)' setting

1574                       Status of the 'Standard Profile: Do not allow exceptions (SP2 only)' setting (Windows Firewall)

1575                       Status of the 'Standard Profile: Allow local program exceptions' setting (Windows Firewall)

1583                       Status of the 'Standard Profile: Allow file and printer sharing exception (SP2 only)' setting

1585                       Status of the 'Standard Profile: Allow ICMP Exceptions (SP2 only)' setting (Windows Firewall)

1588                       Status of the 'Standard Profile: Allow UPnP framework exception (SP2 only)' setting (Windows Firewall)

1589                       Status of the 'Standard Profile: Prohibit notifications' setting (Windows Firewall)

1590                       Status of the 'Standard Profile: Log dropped packets (SP2 only)' setting (Windows Firewall)

1591                       Status of the 'Standard Profile: Log file path and name (SP2 only)' setting (Windows Firewall)

1592                       Status of the 'Standard Profile: Log file size (SP2 only)' setting (Windows Firewall)

1593                       Status of the 'Standard Profile: Log successful connections (SP2 only)' setting (Windows Firewall)

1594                       Status of the 'Standard Profile: Prohibit Unicast Response to Multicast or Broadcast (SP2 only)' setting

1595                       Status of the 'Standard Profile: Define Port Exceptions (SP2 only)' setting (Windows Firewall)

1596                       Status of the 'Standard Profile: Allow Local Port Exceptions (SP2 only)' setting (Windows Firewall)

1597                       Status of the 'Standard Profile: Machine access restrictions (SP2 only)' setting (DCOM)

1598                       Status of the 'DCOM: Machine launch restrictions (SP2 only)' setting

1617                       Permissions set for '%SystemRoot%\system32\at.exe' (Interactive, Service, Batch, Administrator, and System accounts)

1624                       Permissions set for '%SystemRoot%\system32\attrib.exe'

1651                       Permissions set for '%SystemRoot%\system32\cacls.exe'

1654                       Permissions set for '%SystemRoot%\system32\debug.exe'

1656                       Permissions set for '%SystemRoot%\system32\drwatson.exe'

1657                       Permissions set for '%SystemRoot%\system32\drwtsn32.exe'

1658                       Permissions set for '%SystemRoot%\system32\edlin.exe'

1659                       Permissions set for '%SystemRoot%\system32\eventcreate.exe'

1660                       Permissions set for '%SystemRoot%\system32\eventtriggers.exe'

1666                       Permissions set for '%SystemRoot%\system32\ftp.exe'

1667                       Permissions set for '%SystemRoot%\system32\net.exe'

1668                       Permissions set for '%SystemRoot%\system32\net1.exe'

1669                       Permissions set for '%SystemRoot%\system32\netsh.exe'

1670                       Permissions set for '%SystemRoot%\system32\rcp.exe'

1671                       Permissions set for '%SystemRoot%\system32\reg.exe'

1672                       Permissions set for '%SystemRoot%\regedit.exe'

1674                       Permissions set for '%SystemRoot%\system32\regedt32.exe'

1675                       Permissions set for '%SystemRoot%\system32\regsvr32.exe'

1680                       Permissions set for '%SystemRoot%\system32\rexec.exe'

1681                       Permissions set for '%SystemRoot%\system32\rsh.exe'

1682                       Permissions set for '%SystemRoot%\system32\runas.exe'

1683                       Permissions set for '%SystemRoot%\system32\sc.exe'

1684                       Permissions set for '%SystemRoot%\system32\subst.exe'

1685                       Permissions set for '%SystemRoot%\system32\telnet.exe'

1686                       Permissions set for '%SystemRoot%\system32\tftp.exe'

1687                       Permissions set for '%SystemRoot%\system32\tlntsvr.exe'

1864                       List of installed patches from the manufacturer (Microsoft)

2181                       List of User Accounts granted the 'Access this computer from the network' right

2182                       List of User Accounts granted the 'Act as part of the operating system' right

2183                       List of User Accounts granted the 'Add workstations to domain' right

2184                       List of Groups and User Accounts granted the 'Adjust memory quotas for a process' right

2185                       List of Groups and User Accounts granted the 'Allow logon through Terminal Services' right

2186                       List of Groups and User Accounts granted the 'Back up files and directories' right

2187                       List of Groups and User Accounts granted the 'Bypass Traverse Checking' right

2191                       List of Groups and User Accounts granted the 'Change the system time' right

2192                       List of Groups and User Accounts granted the 'Create a Pagefile' right

2193                       List of Groups and User Accounts granted the 'Create a Token Object' right

2194                       List of Groups and User Accounts granted the 'Create Permanent Shared Objects' right

2195                       List of Groups and User Accounts granted the 'Debug Programs' right

2196                       List of Groups and User Accounts granted the 'Deny Access to this computer from the network' right

2197                       List of Groups and User Accounts granted the 'Deny logon as a batch job' right

2198                       List of Groups and User Accounts granted the 'Deny logon as a service' right

2199                       List of Groups and User Accounts granted the 'Deny logon locally' right

2200                       List of Groups and User Accounts granted the 'Deny logon through terminal service' right

2341                       Status of the 'Account lockout duration' setting for invalid login attempts

2342                       Status of the 'Account Lockout Threshold' setting for invalid login attempts

2343                       Status of the 'Reset Account Lockout Counter After' setting

2383                       List of Groups and User Accounts granted the 'Enable computer and user accounts to be trusted for delegation' right

2384                       List of Groups and User Accounts granted the 'Force shutdown from a remote system' right

2385                       List of Groups and User Accounts granted the 'Generate Security Audits' right

2386                       List of Groups and User Accounts granted the 'Increase Scheduling Priority' right

2387                       List of Groups and User Accounts granted the 'Load and unload drivers' right

2388                       List of Groups and User Accounts granted the 'Lock Pages in Memory' right

2389                       List of Groups and User Accounts granted the 'Log on as a batch job (SeBatchLogonRight)' right

2390                       List of User Accounts granted the 'Log on as a Service (SeServiceLogonRight)' right

2391                       List of User Accounts granted the 'Log on locally (SeInteractiveLogonRight)' right

2392                       List of User Accounts granted the 'Manage Auditing and Security Log (SeSecurityPrivilege)' right

2393                       List of User Accounts granted the 'Modify firmware environment values (SeSystemEnvironmentPrivilege)' right

2394                       List of User Accounts granted the 'Perform Volume Maintenance Tasks (SeManageVolumePrivilege)' right

2395                       List of User Accounts granted the 'Profile Single Process (SeProfileSingleProcessPrivilege)' right

2396                       List of User Accounts granted the 'Profile System Performance (SeSystemProfilePrivilege)' right

2397                       List of User Accounts granted the 'Remove computer from docking station (SeUndockPrivilege)' right

2398                       List of User Accounts granted the 'Replace a process level token (SeAssignPrimaryTokenPrivilege)' right

2399                       List of User Accounts granted the 'Restore files and directories (SeRestorePrivilege)' right

2400                       List of User Accounts granted the 'Shut down the system (SeShutdownPrivilege)' right

2401                       List of User Accounts granted the 'Synchronize directory service data (SeSyncAgentPrivilege)' right

2402                       List of User Accounts granted the 'Take ownership of file or other objects (SeTakeOwnershipPrivilege)' right

2421                       Current name of the built-in 'Administrator' account

2422                       Current name of the built-in 'Guest' account

2484                       Status of 'Store password using reversible encryption for all users in the domain' setting

3261                       Status of the 'Disable basic authentication over a clear channel (SP 2 only)' setting

3376                       Status of the 'Maximum Password Age' setting (expiration)

3376                       Status of the 'Maximum Password Age' setting

3400                       Current list of 'allowed hosts' defined in the 'Standard Profile: Allow remote administration exception' (SP2 only) setting

3401                       Status of the 'Standard Profile: Allow Remote Desktop exception' (SP2 only) setting

3657                       Status of the 'Network Access: Allow Anonymous SID/Name Translation' setting

3716                       Current status of the 'file system types for local drives'

3777                       Current status of the built-in 'Guest' account

3778                       Current content of the 'logon banner' (Windows/Unix/Linux)

3779                       Status of the 'Disable autoplay for the default profile' setting

3780                       Current status of the 'Microsoft FTP Publishing Service' service

3781                       Current status of the built-in 'Administrator' account

3806                       List of members/groups in the 'Remote Desktop Users' group (Local)

3811                       Status of the 'Data Execution Protection (DEP) /noexecute' setting as defined within the 'boot.ini' file

3812                       Status of the 'Netbios' setting for all configured interfaces

3824                       Status of the 'Network Access: Remotely accessible registry paths' setting (Win2k, XP)

3997                       Status of the 'Domain Profile: Windows Integrated Firewall (WIF)' setting
