mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
CIS - WIN10 - 18.4.1 - 18.4.13 (#10707)
This commit is contained in:
RachelElysia
GitHub
parent
2fb5aa629d
commit
1256d1d4b6
1 changed files with 258 additions and 6 deletions
|
|
@ -3116,7 +3116,259 @@ apiVersion: v1
|
|||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn off multicast name resolution' is set to 'Enabled'
|
||||
CIS - Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This setting is separate from the Welcome screen feature in Windows XP and Windows Vista; if that feature is disabled, this setting is not disabled. If you configure a computer for automatic logon, anyone who can physically gain access to the computer can also gain access to everything that is on the computer, including any network or networks to which the computer is connected. Also, if you enable automatic logon, the password is stored in the registry in plaintext, and the specific registry key that stores this value is remotely readable by the Authenticated Users group.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Disabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\AutoAdminLogon' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.1, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled: Highest protection, source routing is completely disabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\DisableIPSourceRouting' AND data = 2);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.2, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. It is recommended to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable source routing.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled: Highest protection, source routing is completely disabled':
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\DisableIPSourceRouting' AND data = 2);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.3, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
When you dial a phonebook or VPN entry in Dial-Up Networking, you can use the "Save Password" option so that your Dial-Up Networking password is cached and you will not need to enter it on successive dial attempts. For security, administrators may want to prevent users from caching passwords.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Enabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS:(DisableSavePassword) Prevent the dial-up password from being saved'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasMan\\Parameters\DisableSavePassword' AND data = 2);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.4, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
Internet Control Message Protocol (ICMP) redirects cause the IPv4 stack to plumb host routes. These routes override the Open Shortest Path First (OSPF) generated routes.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Disabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\EnableICMPRedirect' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.5, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 300,000 or 5 minutes (recommended)':
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\KeepAliveTime' AND data = 300000);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.6, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
NetBIOS over TCP/IP is a network protocol that among other things provides a way to easily resolve NetBIOS names that are registered on Windows-based systems to the IP addresses that are configured on those systems. This setting determines whether the computer releases its NetBIOS name when it receives a name-release request.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Enabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\NoNameReleaseOnDemand' AND data = 1);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.7, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This setting is used to enable or disable the Internet Router Discovery Protocol (IRDP), which allows the system to detect and configure default gateway addresses automatically as described in RFC 1256 on a per-interface basis.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Disabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\PerformRouterDiscovery' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.8, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
The DLL search order can be configured to search for DLLs that are requested by running processes in one of two ways:
|
||||
- Search folders specified in the system path first, and then search the current working folder.
|
||||
- Search current working folder first, and then search the folders specified in the system path.
|
||||
When enabled, the registry value is set to 1. With a setting of 1, the system first searches the folders that are specified in the system path and then searches the current working folder.
|
||||
When disabled the registry value is set to 0 and the system first searches the current working folder and then searches the folders that are specified in the system path.
|
||||
Applications will be forced to search for DLLs in the system path first. For applications that require unique versions of these DLLs that are included with the application, this entry could cause performance or stability problems.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Enabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\SafeDllSearchMode' AND data = 1);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.9, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
Windows includes a grace period between when the screen saver is launched and when the console is actually locked automatically when screen saver locking is enabled.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Enabled: 5 or fewer seconds:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\ScreenSaverGracePeriod' AND data <= 5);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.10, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection is aborted. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The base time-out value is dynamically determined by the measured round-trip time on the connection.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 3':
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS:(TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6\\Parameters\TcpMaxDataRetransmissions' AND data = 3);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.11, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection is aborted. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The base time-out value is dynamically determined by the measured round-trip time on the connection.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 3':
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS:(TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\TcpMaxDataRetransmissions' AND data = 3);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.12, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
This setting can generate a security audit in the Security event log when the log reaches a user-defined threshold.
|
||||
resolution: |
|
||||
To establish the recommended configuration via GP, set the following UI path to Enabled: 90% or less:
|
||||
'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning'
|
||||
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319)
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Security\WarningLevel' AND data <= 90);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.13, CIS_group_policy_template_required
|
||||
contributors: rachelelysia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Turn off multicast name resolution' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
|
|
@ -3164,7 +3416,7 @@ spec:
|
|||
To establish the recommended configuration via GP, set the following UI path to Disabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\Network\Lanman Workstation\Enable insecure guest logons'
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' AND data = 0);
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.8.1
|
||||
contributors: DefensiveDepth
|
||||
|
|
@ -3221,7 +3473,7 @@ spec:
|
|||
To establish the recommended configuration via GP, set the following UI path to Enabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Turn off Microsoft Peer-to-Peer Networking Services'
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet\Disabled' AND data = 1);
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet\Disabled' AND data = 1);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.10.2
|
||||
contributors: DefensiveDepth
|
||||
|
|
@ -3240,7 +3492,7 @@ spec:
|
|||
To establish the recommended configuration via GP, set the following UI path to Enabled:
|
||||
'Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network'
|
||||
query: |
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA' AND data = 0);
|
||||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA' AND data = 0);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.2
|
||||
contributors: DefensiveDepth
|
||||
|
|
@ -3249,7 +3501,7 @@ apiVersion: v1
|
|||
kind: policy
|
||||
spec:
|
||||
name: >
|
||||
CIS - Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
|
||||
CIS - Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
|
||||
platforms: win10
|
||||
platform: windows
|
||||
description: |
|
||||
|
|
@ -5232,4 +5484,4 @@ spec:
|
|||
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\System\DisableAutomaticRestartSignOn' AND data = 1);
|
||||
purpose: Informational
|
||||
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.91.1
|
||||
contributors: rachelelysia
|
||||
contributors: rachelelysia
|
||||
|
|
|
|||
Loading…
Reference in a new issue