Windows 7/2008 CIS: Mask Pi/GR

Document created by malderman on Sep 10, 2011Last modified by malderman on Sep 10, 2011
Version 2Show Document
  • View in full screen mode

CID        Statement

1048       Status of the 'Shutdown: Clear virtual memory pagefile' setting (Guidance = Enable)

1196       Status of the 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' setting

1433       Status of the 'Interactive logon: Require smart card' setting

1434       Status of the 'Network Access: Named Pipes that can be accessed anonymously' setting

1436       Status of the 'System cryptography: Force strong key protection for user keys stored on the computer' setting

1438       Status of the 'System settings: Optional subsystems' setting (Guidance = Disable)

1439       Status of the 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting

1449       Status of the 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting

1460       Status of the 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3- style filenames' setting

1463       Status of the 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting

1599       Status of the 'Network Access: Remotely accessible registry paths and subpaths' setting

1645       Status of the 'screensaver timeout' setting

2582       Status of the 'User Account Control: Detect application installations and prompt for elevation' setting

2583       Status of the 'User Account Control: Run all administrators in Admin Approval Mode' setting

2584       Status of the 'User Account Control: Only elevate UI Access applications that are installed in secure locations' setting

2586       Status of the 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting

2587       Status of the 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting

2588       Status of the 'System cryptography: Use FIPS compliant algorithms for encryption,hashing, and signing' setting

2605       Status of the 'User Account Control: Behavior of the elevation prompt for standard users' setting

2606       Status of the 'User Account Control: Switch to the secure desktop when prompted for elevation' setting

2608       Status of the 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting

2635       Status of the 'Set Client Connection Encryption Level' setting for Terminal Services

2642       Current list of Groups and User Accounts granted the 'Impersonate a client after authentication' right

2681       Status of the 'Turn off Windows Update device driver searching' setting

3242       Current list of Groups and User Accounts granted the 'Create Global Objects' right

3739       Status of the 'Kerberos policy: Maximum lifetime for service ticket' setting in Active Directory

3740       Status of the 'Kerberos policy: Maximum lifetime for user ticket' setting in Active Directory

3758       Status of the 'Kerberos Policy: Maximum lifetime for user ticket renewal' security setting (in days)

3760       Status of the 'Kerberos Policy: Maximum tolerance for computer clock synchronization' setting (in minutes)

3817       Status of the 'Network Access: Remotely accessible registry paths' setting (Windows 2003and later)

3875       Current status of the 'Do not allow drive redirection' setting

3876       Status of the 'Do not allow passwords to be saved' policy setting (Terminal Services)

3891       Status of the 'Always prompt client for password upon connection (Terminal Services)'setting

3892       Status of the 'Disable Remote Desktop Sharing' setting

3896       Status of the 'Require trusted path for credential entry' setting

3897       Status of 'Enumerate administrator accounts on elevation' setting

3899       Status of the 'Solicited Remote Assistance' policy settings

3900       Status of the 'Offer Remote Assistance' setting

3903       Current status of the 'Do not process the run once list' policy

3904       Status of the 'Do not process the legacy run list'

3907       Status of the 'Windows Messenger Customer Experience Improvement Program'

3908       Status of the 'Turn off Search Companion content file updates' service

3919       Status of the 'Turn off printing over HTTP' service

3920       Status of the 'Turn off Internet download for Web publishing and online ordering wizards' setting

3921       Status of the 'Turn off the 'Publish to Web' task for files and folders' group policy

3922       Status of the 'Turn off downloading of print drivers over HTTP' setting

3923       Status of the 'Registry policy processing' settings

3924       Status of the 'Access credential Manager as a trusted caller(SeTrustedCredManAccessPrivilege)' setting

3925       Status of the 'Change the time zone privilege (SeTimeZonePrivilege)' setting

3926       Status of the 'Reschedule Automatic Updates scheduled installations' setting

3927       Status of the 'Install Updates and Shut Down' option in the Shut Down Windows dialog box setting

3928       Status of the 'Increase a process working set (SeIncreaseWorkingSetPrivilege)' setting

3932       Status of the 'Windows Firewall: Inbound connections (Public)' setting

3939       Status of the 'Allow UI Access applications to prompt for elevation without using the secure desktop' setting

3940       Status of the 'User Account Control: Virtualize file and registry write failures toper-user locations' setting

3941       Status of the 'Create Symbolic Links' (SeCreateSymbolicLinkPrivilege) setting

3942       Status of the 'System: Retain old events' Group Policy setting

3943       Status of the 'Security: Retain old events' Group Policy setting

3944       Status of the 'Application: Retain old events' Group Policy setting

3945       Status of the 'Windows Firewall: Apply local firewall rules (Domain) policy' setting

3948       Status of the 'Windows Firewall: Inbound connections (Private)' setting

3949       Status of the 'Windows Firewall: Inbound connections (Domain)' setting

3950       Status of the 'Windows Firewall: Firewall state (Public)' setting

3951       Status of the 'Windows Firewall: Firewall state (Private)' setting

3952       Status of the 'Windows Firewall: Firewall state (Domain)' setting

3959       Status of the 'Windows Firewall: Apply local firewall rules (Private)' setting

3960       Status of the 'Windows Firewall: Apply local firewall rules (Public)' setting

3961       Status of the 'Windows Firewall: Apply local connection security rules (Domain)' setting

3962       Status of the 'Windows Firewall: Display a notification (Domain)' setting

3963       Status of the 'Windows Firewall: Apply local connection security rules (Private)' setting

3964       Status of the 'Windows Firewall: Display a notification (Private)' setting

3965       Status of the 'Windows Firewall: Display a notification (Public)' setting

3966       Status of the 'Windows Firewall: Apply local connection security rules (Public)' setting

4110       Status of the 'Require a Password When a Computer Wakes (on Battery)' Group Policy setting

4111       Status of the Windows Group Policy 'Require a Password When a Computer Wakes (PluggedIn)' setting

4146       Status of the 'Screen Saver' Group Policy setting

4151       Status of the 'Password protect the screen saver' Group Policy setting

4155       Status of the 'Do not preserve zone information in file attachments' Group Policy setting

4156       Status of the 'Notify antivirus programs when opening attachments' Group Policy setting

4158       Status of the 'Hide mechanisms to remove zone information' Group Policy setting

4232       Status of the 'Modify an object label (SeRelabelPrivilege)' User Right Assignment

4470       Status of the 'Security State Change' audit policy setting

4471       Status of the 'Security System Extension' audit policy setting

4472       Status of the 'System Integrity' security policy setting

4473       Status of the 'IPsec Driver' security policy setting

4475       Status of the 'Logon' security policy setting

4476       Status of the 'Logoff' security policy setting

4481       Status of the 'Special Logon' security policy setting

4483       Status of the 'File System' security policy setting

4484       Status of the 'Registry' security policy setting

4494       Status of the 'Sensitive Privilege Use' audit policy setting

4497       Status of the 'Process Creation' audit policy setting

4501       Status of the 'Audit Policy Change' audit policy setting

4502       Status of the 'Authentication Policy Change' audit policy setting

4507       Status of the 'User Account Management' audit policy setting

4508       Status of the 'Computer Account Management' audit policy setting

4509       Status of the 'Security Group Management' security policy setting

4510       Status of the 'Distribution Group Management' security policy setting

4512       Status of the 'Other Account Management Events' security policy setting

4513       Status of the 'Audit Directory Service Access' security policy setting

4514       Status of the 'Directory Service Changes' security policy setting

4517       Status of the 'Credential Validation' security policy setting

4740       Status of the 'Enforce user logon restrictions' setting

4741       Status of the 'MSS: (DisableIPSourceRoutingIPv6) IP source routing protection level(protects against packet spoofing)' setting

4742       Status of the 'MSS: (TCPMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted' setting

Attachments

    Outcomes