Download
| Alert*
|
CCE-8844-3
The 'Allow Standby States (S1-S3) When Sleeping (On Battery)' setting should be configured correctly. CCE-9829-3 The 'Require a Password When a Computer Wakes (On Battery)' setting should be configured correctly. CCE-9136-3 The 'Account lockout threshold' setting should be configured correctly. CCE-9381-5 The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly. CCE-9193-4 The 'Maximum password age' setting should be configured correctly. CCE-9983-8 The 'Do not process the legacy run list' setting should be configured correctly. CCE-9026-6 The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly. CCE-10779-7 The 'Encryption Level' option for the Remote Desktop Services 'Set client connection encryption level' setting should be configured correctly. CCE-10103-0 The 'Always prompt for password upon connection' setting should be configured correctly. CCE-9370-8 The 'Password must meet complexity requirements' policy should be set correctly. CCE-9189-2 This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ... CCE-10154-3 The 'Do not process the run once list' setting should be configured correctly. CCE-9801-2 The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly. CCE-9670-1 The 'Require a Password When a Computer Wakes (Plugged In)' setting should be configured correctly. CCE-9212-2 The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts. CCE-9874-9 The "Turn off Heap termination on corruption" setting should be configured correctly. CCE-9266-8 The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly. CCE-10769-8 The "Allow remote access to the PnP interface" setting should be configured correctly. CCE-8714-8 The 'Accounts: Guest account status' setting should be configured correctly. CCE-9616-4 This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ... CCE-9330-2 The 'Minimum password age' setting should be configured correctly. CCE-9126-4 The 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' setting should be configured correctly. CCE-9357-5 The 'Minimum password length' setting should be configured correctly. CCE-8591-0 The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. CCE-9244-5 The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts. CCE-9918-4 The 'Turn off Data Execution Prevention for Explorer' setting should be configured correctly. CCE-9021-7 The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly. CCE-9040-7 The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly. CCE-10655-9 The "Turn off Autoplay for non-volume devices" setting should be configured correctly. CCE-9528-1 The 'Turn off Autoplay' setting should be configured correctly. CCE-8806-2 LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ... CCE-10181-6 The 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly. CCE-10527-0 The default behavior for AutoRun should be properly configured. CCE-9540-6 The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly. CCE-8912-8 The "enforce password history" policy should meet minimum requirements. CCE-9396-3 The 'Restrictions for Unauthenticated RPC clients' setting should be configured correctly. CCE-8813-8 The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly. CCE-8937-5 The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly. CCE-9375-7 The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly. CCE-8974-8 The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly. CCE-9327-8 The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly. CCE-9249-4 The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly. CCE-9156-1 The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly. CCE-9386-4 The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly. CCE-9199-1 Use of the built-in Administrator account should be enabled or disabled as appropriate. CCE-9307-0 The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly. CCE-8936-7 The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly. CCE-9400-3 The 'Reset account lockout counter after' setting should be configured correctly. CCE-9308-8 The 'Account lockout duration' setting should be configured correctly. CCE-9123-1 The 'Domain member: Maximum machine account password age' setting should be configured correctly. |
