[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-9498-7
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-9802-0
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.

CCE-10051-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-9704-8
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly.

CCE-9596-8
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.

CCE-9958-0
The 'Force specific screen saver' setting should be configured correctly.

CCE-9321-1
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.

CCE-9258-5
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

CCE-9628-9
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9235-3
Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9148-8
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.

CCE-10076-8
The 'Notify antivirus programs when opening attachments' setting should be configured correctly.

CCE-9661-0
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-9608-1
Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9816-0
Auditing of 'Object Access:��Application Generated' events on success should be enabled or disabled as appropriate.

CCE-9718-8
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.

CCE-9586-9
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.

CCE-9376-5
Auditing of 'Object Access:��File Share' events on success should be enabled or disabled as appropriate.

CCE-9683-4
Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate.

CCE-9803-8
Auditing of 'Object Access:��Kernel Object' events on success should be enabled or disabled as appropriate.

CCE-9728-7
Auditing of 'Object Access:��Filtering Platform Connection' events on success should be enabled or disabled as appropriate.

CCE-9365-8
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.

CCE-10939-7
DEPRECATED in favor of CCE-9715-4, CCE-8956-5. Previously: Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-9562-0
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-9902-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9925-9
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.

CCE-9531-5
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly.

CCE-9347-6
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.

CCE-9542-2
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-9455-7
Auditing of 'Object Access:��Other Object Access Events' events on success should be enabled or disabled as appropriate.

CCE-9805-3
Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate.

CCE-9227-0
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-9194-2
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-8956-5
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-9808-7
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.

CCE-10490-1
The 'Remove CD Burning features' setting should be configured correctly.

CCE-9763-4
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.

CCE-9224-7
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.

CCE-9213-0
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.

CCE-9190-0
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9850-9
Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate.

CCE-9521-6
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.

CCE-9180-1
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.

CCE-8822-9
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.

CCE-8856-7
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.

CCE-9520-8
Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate.

CCE-9644-6
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.

CCE-9076-1
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.

CCE-9863-2
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-10450-5
DEPRECATED in favor of CCE-10078-4, CCE-9737-8.

CCE-8407-9
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate.

CCE-9765-9
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-9633-9
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9162-9
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate.

CCE-10014-9
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-9730-3
The 'Password protect the screen saver' setting should be configured correctly.

CCE-9632-1
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-9172-8
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-8853-4
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.

CCE-9217-1
Auditing of 'Object Access:��File System' events on success should be enabled or disabled as appropriate.

CCE-9789-9
Auditing of 'Object Access:��Handle Manipulation' events on success should be enabled or disabled as appropriate.

CCE-9720-4
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.

CCE-9668-5
Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate.

CCE-9998-6
Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate.

CCE-10148-5
The 'Screen Saver timeout' setting should be configured correctly.

CCE-9657-8
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.

CCE-9622-2
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.

CCE-9339-3
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate.

CCE-9976-2
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10078-4
Auditing of 'Object Access:��Registry' events on failure should be enabled or disabled as appropriate.

CCE-9735-2
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-9637-0
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9856-6
Auditing of 'Object Access:��SAM' events on success should be enabled or disabled as appropriate.

CCE-9058-9
Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate.

CCE-9179-3
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.

CCE-10551-0
DEPRECATED in favor of CCE-9811-1, CCE-9217-1.

CCE-9133-0
Auditing of 'Object Access:��Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate.

CCE-9734-5
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-9878-0
Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9492-0
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.

CCE-9988-7
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.

CCE-10021-4
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9725-3
Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate.

CCE-9153-8
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9800-4
Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate.

CCE-9692-5
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.

CCE-9066-2
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.

CCE-9737-8
Auditing of 'Object Access:��Registry' events on success should be enabled or disabled as appropriate.

CCE-9056-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.

CCE-9460-7
Auditing of 'Object Access:��Certification Services' events on success should be enabled or disabled as appropriate.

CCE-9811-1
Auditing of 'Object Access:��File System' events on failure should be enabled or disabled as appropriate.

CCE-10763-1
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-9136-3
The 'Account lockout threshold' setting should be configured correctly.

CCE-9026-6
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

CCE-9694-1
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

CCE-9440-9
The 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly.

CCE-8817-9
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

CCE-9801-2
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

CCE-9749-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9212-2
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-10543-7
The startup type of the Homegroup Listener service should be correct.

CCE-8654-6
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-9266-8
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

CCE-8804-7
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Countermeasure: Configure Network security: Allow LocalSystem NULL session fallback to Disabled. Potential Impact: Any applications that require NULL ses ...

CCE-9901-0
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.

CCE-10709-4
The Windows Error Reporting "Display Error Notification" setting should be configured correctly.

CCE-8655-3
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-9244-5
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9014-2
The 'Shut down the system' user right should be assigned to the appropriate accounts.

CCE-9112-4
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

CCE-9914-3
The "Disable Windows Error Reporting" setting should be configured correctly.

CCE-9342-7
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

CCE-9487-0
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9048-0
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

CCE-9456-5
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9663-6
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-9226-2
The 'Generate security audits' user right should be assigned to the appropriate accounts.

CCE-9686-7
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-9938-2
The 'Enumerate administrator accounts on elevation' setting should be configured correctly.

CCE-9193-4
The 'Maximum password age' setting should be configured correctly.

CCE-9301-3
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

CCE-8414-5
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

CCE-10502-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9007-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

CCE-9336-9
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

CCE-10779-7
The 'Encryption Level' option for the Remote Desktop Services 'Set client connection encryption level' setting should be configured correctly.

CCE-9215-5
The 'Create a token object' user right should be assigned to the appropriate accounts.

CCE-10103-0
The 'Always prompt for password upon connection' setting should be configured correctly.

CCE-8789-0
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.

CCE-10658-3
The "Turn off handwriting personalization data sharing" setting should be configured correctly.

CCE-8945-8
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-9096-9
When enabled, this policy setting causes Local System services that use Negotiate to use the computer identity when NTLM authentication is selected by the negotiation. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Countermeasure: Configure Network security: Allo ...

CCE-10645-0
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.

CCE-9348-4
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.

CCE-10611-2
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-8513-4
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

CCE-8503-5
The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly.

CCE-9458-1
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

CCE-9345-0
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

CCE-9786-5
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-10359-8
The "Require domain users to elevate when setting a network's location" setting should be configured correctly.

CCE-8811-2
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-9149-6
The 'Modify an object label' user right should be assigned to the appropriate accounts.

CCE-10007-3
The "Turn on Basic feed authentication over HTTP" setting should be configured correctly.

CCE-10215-2
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-8591-0
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-9532-3
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

CCE-10157-6
The Windows Error Reporting "Disable Logging" setting should be configured correctly.

CCE-9960-6
Unsolicited offers of remote assistance (aka the 'Offer Remote Assistance' setting) should be automatically rejected or passed to the logged-on user for confirmation as appropriate.

CCE-9983-8
The 'Do not process the legacy run list' setting should be configured correctly.

CCE-10714-4
The setup log maximum size should be configured correctly.

CCE-8999-5
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

CCE-9907-7
The "Report Logon Server Not Available During User logon" setting should be configured correctly.

CCE-9875-6
The "Set Safe for Scripting" policy should be set correctly.

CCE-9185-0
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

CCE-9753-5
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9620-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

CCE-9439-1
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

CCE-10769-8
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-8714-8
The 'Accounts: Guest account status' setting should be configured correctly.

CCE-9888-9
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-8583-7
The 'Debug programs' user right should be assigned to the appropriate accounts.

CCE-8560-5
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-9326-0
The 'Remove computer from docking station' user right should be assigned to the appropriate accounts.

CCE-10268-1
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9107-4
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9304-7
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

CCE-9098-5
The 'Deny log on as a service' user right should be assigned to the appropriate accounts.

CCE-10344-0
The "Turn on session logging" setting should be configured correctly.

CCE-10591-6
Use Classic Logon should be properly configured.

CCE-9150-4
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-10092-5
The 'Require trusted path for credential entry' setting should be enabled or disabled as appropriate.

CCE-9380-7
The 'Access Credential Manager as a trusted caller' user right should be assigned to the appropriate accounts.

CCE-9501-8
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

CCE-9040-7
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-9426-8
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.

CCE-10844-9
The startup type of the WWAN AutoConfig service should be correct.

CCE-9418-5
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-10661-7
The startup type of the Bluetooth service should be correct.

CCE-8562-1
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-9253-6
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9068-8
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

CCE-9712-1
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-9879-8
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).

CCE-9189-2
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ...

CCE-10154-3
The 'Do not process the run once list' setting should be configured correctly.

CCE-10441-4
The "Enable Error Reporting" policy should be set correctly.

CCE-9496-1
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-9616-4
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ...

CCE-10509-8
The "Route all traffic through the internal network" setting should be configured correctly.

CCE-10011-5
The "Teredo State" setting should be configured correctly.

CCE-8431-9
The 'Create global objects' user right should be assigned to the appropriate accounts.

CCE-9251-0
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-9274-2
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-10824-1
The Windows Error Reporting "Do not send additional data" setting should be configured correctly.

CCE-9395-5
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-10156-8
The 'Maximum Log Size (KB)' setting should be configured correctly for the system log.

CCE-8807-0
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-8467-3
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

CCE-9021-7
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-9603-2
The 'Maximum Log Size (KB)' setting should be configured correctly for the application log.

CCE-9407-8
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

CCE-8784-1
The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly.

CCE-8806-2
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-9223-9
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-10077-6
The 'Allow Remote Shell Access' setting should be configured correctly.

CCE-9770-9
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

CCE-9358-3
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-10527-0
The default behavior for AutoRun should be properly configured.

CCE-10130-3
The "ISATAP State" setting for IPv6 should be configured correctly.

CCE-8487-1
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-10608-8
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-9503-4
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-9858-2
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-9067-0
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-8818-7
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-9389-8
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

CCE-9124-9
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

CCE-8937-5
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

CCE-9289-0
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

CCE-8958-1
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most co ...

CCE-8813-8
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-9239-5
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-8868-2
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

CCE-8930-0
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

CCE-8475-6
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

CCE-9254-4
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

CCE-9985-3
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services ...

CCE-9739-4
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-9344-3
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

CCE-9465-6
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-8825-2
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-9534-9
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-8974-8
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

CCE-9327-8
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-8936-7
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-9672-7
The 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be configured correctly.

CCE-9123-1
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-9249-4
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

CCE-9432-6
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

CCE-9317-9
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-9196-7
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

CCE-9449-0
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

CCE-9218-9
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

CCE-9406-0
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-9265-0
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

CCE-9156-1
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

CCE-9121-5
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

CCE-9199-1
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CPE    1
cpe:/o:microsoft:windows_7
*XCCDF
xccdf_hippa_benchmark_Windows_7
OVAL    228
oval:gov.nist.usgcb.windowsseven:def:200
oval:gov.nist.usgcb.windowsseven:def:202
oval:org.secpod.oval:def:7711
oval:org.secpod.oval:def:7712
...

© SecPod Technologies