diff --git a/ee/cis/win-10/cis-policy-queries.yml b/ee/cis/win-10/cis-policy-queries.yml
index 0f46241cc2..f9a52503b4 100644
--- a/ee/cis/win-10/cis-policy-queries.yml
+++ b/ee/cis/win-10/cis-policy-queries.yml
@@ -15,7 +15,7 @@ spec:
 query: |
 SELECT 1 FROM security_profile_info WHERE password_history_size >= 24;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -33,7 +33,7 @@ spec:
 query: |
 SELECT 1 FROM security_profile_info WHERE (maximum_password_age <= 365 AND maximum_password_age != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -52,7 +52,7 @@ spec:
 query: |
 SELECT 1 FROM security_profile_info WHERE minimum_password_age >= 1;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -70,7 +70,7 @@ spec:
 query: |
 SELECT 1 FROM security_profile_info WHERE minimum_password_length >= 14;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.4
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -90,7 +90,7 @@ spec:
 query: |
 SELECT 1 FROM security_profile_info WHERE password_complexity = 1;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.5
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -108,7 +108,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SAM\\RelaxMinimumPasswordLengthLimits' AND data != 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.6 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -129,7 +129,7 @@ spec: query: | SELECT 1 FROM security_profile_info WHERE clear_text_password = 0; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.7 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -150,7 +150,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "1.2.1" and CAST(value as integer) >= 15; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.2.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -170,7 +170,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "1.2.2" and CAST(value as integer) <= 5 and CAST(value as integer) > 0; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.2.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -191,7 +191,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "1.2.3" and CAST(value as integer) >= 15; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.2.3 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -211,7 +211,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/AccessCredentialManagerAsTrustedCaller" AND mdm_command_output = ""; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -231,7 +231,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/AccessFromNetwork" AND mdm_command_output LIKE "Administrators_REMOTE INTERACTIVE LOGON"; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.2, english-support-only + tags: compliance, CIS, CIS_Level1, english-support-only contributors: sharon-fdm --- apiVersion: v1 @@ -251,7 +251,7 @@ spec: query: | SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Config/UserRights/ActAsPartOfTheOperatingSystem" AND mdm_command_output = ""; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -270,7 +270,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "2.2.4" AND (regex_match(value,".*(?=.*Administrators)(?=.*LOCAL SERVICE)(?=.*NETWORK SERVICE).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.4, english-support-only + tags: compliance, CIS, CIS_Level1, english-support-only contributors: marcosd4h --- apiVersion: v1 @@ -296,7 +296,7 @@ spec: mdm_command_output LIKE "Users_Administrators" ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.5, english-support-only + tags: compliance, CIS, CIS_Level1, english-support-only contributors: sharon-fdm --- apiVersion: v1 @@ -318,7 +318,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "2.2.6" AND (regex_match(value,".*(?=.*Administrators)(?=.*Remote Desktop Users).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.6, english-support-only + tags: compliance, CIS, CIS_Level1, english-support-only contributors: marcosd4h --- apiVersion: v1 
@@ -338,7 +338,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/BackupFilesAndDirectories" AND mdm_command_output = "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.7, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -359,7 +359,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ChangeSystemTime" AND mdm_command_output LIKE "Administrators%" AND mdm_command_output LIKE "%LOCAL SERVICE";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.8, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -377,7 +377,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.9" AND (regex_match(value,".*(?=.*Administrators)(?=.*Users)(?=.*LOCAL SERVICE).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.9, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -395,7 +395,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ChangeSystemTime" AND mdm_command_output LIKE "%Administrators%";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.10, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
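Review bot: The query kept as context in the hunk at -395 reads `UserRights/ChangeSystemTime`, the same setting the hunk at -359 already checks, although the tags being removed mark the two as different benchmark items (`CIS_bullet_2.2.10` versus `CIS_bullet_2.2.8`). The policy name sits outside the hunk, so this is inferred, but it looks like a copied query that evaluates the wrong user right and would report a result for a setting it never inspects. Once the bullet tags are gone the mismatch is harder to spot, so confirm the `mdm_command_input` path against the policy name before merging, and consider a YAML comment such as `# CIS 2.2.10` above the `query:` key to keep the mapping.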
@@ -413,7 +413,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/CreateToken" AND mdm_command_output == "";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.11
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -431,7 +431,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/CreateGlobalObjects" AND (regex_match(mdm_command_output,".*(Administrators|LOCAL SERVICE|NETWORK SERVICE|([^\w\s]SERVICE)).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.12, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -451,7 +451,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/CreatePermanentSharedObjects" AND mdm_command_output == "";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.13
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -479,7 +479,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/CreateSymbolicLinks" AND (regex_match(mdm_command_output,".*(Administrators|Virtual Machines).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.14, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
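Review bot: The CreateGlobalObjects query kept as context in the hunk at -431 uses an unanchored alternation, `.*(Administrators|LOCAL SERVICE|NETWORK SERVICE|([^\w\s]SERVICE)).*`, so it returns a row as soon as any one of those names appears and never fails a host that grants the right to an additional principal. If the benchmark item expects exactly that set (the policy name is outside the hunk, so this is inferred), the check should anchor the pattern with `^…$` over a separator-delimited list of only the allowed names, or compare against the exact expected string the way the DebugPrograms check does with `== "Administrators"`. The same shape appears in the CreateSymbolicLinks hunk at -479 and in the GenerateSecurityAudits, ImpersonateClient and IncreaseSchedulingPriority hunks at -656, -678 and -698. This commit only touches the tags line, so the tightening belongs in a follow-up.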
@@ -500,7 +500,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/DebugPrograms" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.15, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -522,7 +522,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/DenyAccessFromNetwork" AND (regex_match(mdm_command_output,".*(Guest).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.16, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -541,7 +541,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.17" AND (regex_match(value,".*(?=.*Guests).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.17, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -560,7 +560,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.18" AND (regex_match(value,".*(?=.*Guests).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.18, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -580,7 +580,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/DenyLocalLogOn" AND (regex_match(mdm_command_output,".*(Guest).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.19, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -598,7 +598,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/DenyRemoteDesktopServicesLogOn" AND (regex_match(mdm_command_output,".*(Guest).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.20, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -616,7 +616,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/EnableDelegation" AND mdm_command_output == "";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.21
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -638,7 +638,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/RemoteShutdown" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.22, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -656,7 +656,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/GenerateSecurityAudits" AND (regex_match(mdm_command_output,".*(LOCAL SERVICE|NETWORK SERVICE).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.23, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -678,7 +678,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ImpersonateClient" AND (regex_match(mdm_command_output,".*(Administrators|LOCAL SERVICE|NETWORK SERVICE|([^\w\s]SERVICE)).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.24, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -698,7 +698,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/IncreaseSchedulingPriority" AND (regex_match(mdm_command_output,".*(Administrators|Window Manager Group).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.25, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -719,7 +719,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/LoadUnloadDeviceDrivers" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.26, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -737,7 +737,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/LockMemory" AND mdm_command_output == "";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.27
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -759,7 +759,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.28" AND (regex_match(value,".*(?=.*Administrators).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.28, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -781,7 +781,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.29" AND value = ",";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.29, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -799,7 +799,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ManageAuditingAndSecurityLog" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.30, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -819,7 +819,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ModifyObjectLabel" AND mdm_command_output == "";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.31
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -839,7 +839,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ModifyFirmwareEnvironment" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.32, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -857,7 +857,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.33" AND (regex_match(value,".*(?=.*Administrators).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.33, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -880,7 +880,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/ProfileSingleProcess" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.34, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -900,7 +900,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.35" AND (regex_match(value,".*(?=.*Administrators)(?=.*WdiServiceHost).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.35, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -919,7 +919,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.36" AND (regex_match(value,".*(?=.*LOCAL SERVICE)(?=.*NETWORK SERVICE).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.36, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -941,7 +941,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/RestoreFilesAndDirectories" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.37, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -960,7 +960,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.2.38" AND (regex_match(value,".*(?=.*Administrators)(?=.*Users).*",0) is not null);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.38, english-support-only
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -979,25 +979,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/UserRights/TakeOwnership" AND mdm_command_output == "Administrators";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.39, english-support-only
- contributors: marcosd4h
----
-apiVersion: v1
-kind: policy
-spec:
- name: CIS - Ensure 'Accounts Administrator account status' is set to 'Disabled'
- platforms: win10
- platform: windows
- description: |
- This policy setting enables or disables the Administrator account during normal operation.
- resolution: |
- Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
- 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status'
- query: |
- SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus" AND mdm_command_output == 0;
- purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.1
+ tags: compliance, CIS, CIS_Level1, english-support-only
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1015,7 +997,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NoConnectedUser' AND data == 3);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
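Review bot: The hunk at -979 removes the whole 'Accounts Administrator account status' policy, not just its tags, so a host with the built-in Administrator account enabled is no longer flagged by this file. Nothing visible in the diff explains the removal; if it is deliberate, say so in the commit description or leave a comment where the policy stood, such as `# 2.3.1.1 Administrator account status: removed, see <issue-id>` (placeholder id). If it was swept up by accident in the tag cleanup, restore the block with the shortened tags line `tags: compliance, CIS, CIS_Level1`.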
@@ -1033,7 +1015,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus" and mdm_command_output == 0;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1051,7 +1033,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LimitBlankPasswordUse' AND data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.4
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1071,7 +1053,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount" and mdm_command_output != "Administrator";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.5
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1091,7 +1073,7 @@ spec:
 query: |
 SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount" and mdm_command_output != "Guest";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.6
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1109,7 +1091,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy' AND data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.2.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1130,7 +1112,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\crashonauditfail' AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.2.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1150,7 +1132,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\LanManPrint Services\\Servers\\AddPrinterDrivers' AND data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.4.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1175,7 +1157,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal' AND data != 0;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.1
+ tags: compliance, CIS, CIS_Level1
 contributors: artemist-work
 ---
 apiVersion: v1
@@ -1200,7 +1182,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel' AND data != 0;
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.2
+ tags: compliance, CIS, CIS_Level1
 contributors: artemist-work
 ---
 apiVersion: v1
@@ -1226,7 +1208,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.3
+ tags: compliance, CIS, CIS_Level1
 contributors: artemist-work
 ---
 apiVersion: v1
@@ -1255,7 +1237,7 @@ spec: SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange' AND data = 0; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.4 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -1285,7 +1267,7 @@ spec: path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge' AND data <= 30 AND data != 0; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.5 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -1316,7 +1298,7 @@ spec: SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey' AND data != 0; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.6.5 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -1334,7 +1316,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableCAD' AND data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -1354,7 +1336,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\dontdisplaylastusername' AND data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -1372,7 +1354,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\MaxDevicePasswordFailedAttempts' AND data <= 10 AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1390,7 +1372,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs' AND data <= 900 AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.4
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1411,7 +1393,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticetext' AND data != "");
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.5
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1432,7 +1414,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticecaption' AND data != "");
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.6
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1452,7 +1434,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\PasswordExpiryWarning' AND CAST(data AS INTEGER) >= 5 AND CAST(data AS INTEGER) <= 14);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.7
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1471,7 +1453,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\scremoveoption' AND CAST(data AS INTEGER) >= 1 AND CAST(data AS INTEGER) <= 3);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.8
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1489,7 +1471,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\RequireSecuritySignature' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.8.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1507,7 +1489,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\EnableSecuritySignature' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.8.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
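Review bot: The registry paths kept as context in the hunks at -1489 and -1507 mix separators inside one literal, `'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\…'`; in a YAML `|` block and a single-quoted SQL string neither `\\` nor `\` is an escape, so the path is compared with the backslashes exactly as written. Unless the registry table normalises doubled separators (not visible here), at least one of the two spellings cannot match, the query returns no row, and the policy reports failing whatever the host's setting is. The same mix appears in the LanmanWorkstation/LanManServer hunks from -1525 to -1626 and in the `Lsa\restrictanonymoussam`-style paths from -1668 to -1846, while the Netlogon hunks at -1175 to -1226 use single backslashes throughout. Pick one form for the whole file and verify it against a host, e.g. `path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature'`.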
@@ -1525,7 +1507,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\EnablePlainTextPassword' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.8.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1546,7 +1528,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanManServer\\Parameters\\autodisconnect' AND CAST(data AS INTEGER) <= 15 AND CAST(data AS INTEGER) >= 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.9.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1566,7 +1548,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanManServer\\Parameters\\requiresecuritysignature' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.9.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1586,7 +1568,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanManServer\\Parameters\\enablesecuritysignature' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.9.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1606,7 +1588,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanManServer\\Parameters\\enableforcedlogoff' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.9.4
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1626,7 +1608,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\\Services\\LanManServer\\Parameters\\SmbServerNameHardeningLevel' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.9.5
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1646,7 +1628,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.3.10.1" AND value = "0";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1668,7 +1650,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\restrictanonymoussam' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1689,7 +1671,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\restrictanonymous' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.3
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1709,7 +1691,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\disabledomaincreds' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.4
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1728,7 +1710,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\everyoneincludesanonymous' AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.5
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1748,7 +1730,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters\NullSessionPipes' and data == '');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.6
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1771,7 +1753,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedExactPaths\Machine' and data == 'System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.7
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1802,7 +1784,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedPaths\Machine' and data == 'System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.8
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1827,7 +1809,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters\restrictnullsessaccess' and data == '1');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.9
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1846,7 +1828,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\RestrictRemoteSAM' and (data == '' or data == 'O:BAG:BAD:'));
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.10
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1867,7 +1849,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters\NullSessionShares' and data == '');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.11
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1890,7 +1872,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\forceguest' AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.10.12
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -1908,7 +1890,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\UseMachineId' COLLATE NOCASE AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1926,7 +1908,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\allownullsessionfallback' COLLATE NOCASE AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1944,7 +1926,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\pku2u\\AllowOnlineID' COLLATE NOCASE AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1962,7 +1944,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters\\SupportedEncryptionTypes' COLLATE NOCASE AND ((CAST(data AS INTEGER) & 0x8) AND (CAST(data AS INTEGER) & 0x10) AND (CAST(data AS INTEGER) & 0xe0) AND ((CAST(data AS INTEGER) & 0x1) = 0) AND ((CAST(data AS INTEGER) & 0x2) = 0) AND ((CAST(data AS INTEGER) & 0x4) = 0)));
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.4
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -1984,7 +1966,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\NoLmHash' COLLATE NOCASE AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.5
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2004,7 +1986,7 @@ spec:
 query: |
 SELECT 1 FROM cis_audit where item = "2.3.11.6" AND value = "1";
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.6
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2026,7 +2008,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel' COLLATE NOCASE AND data == 5);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.7
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2044,7 +2026,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ldap\\ldapclientintegrity' AND data >= 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.8
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2062,7 +2044,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\ForceKeyProtection' AND CAST(data AS INTEGER) >= 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.14.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2087,7 +2069,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\kernel\\obcaseinsensitive' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.15.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2109,7 +2091,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\ProtectionMode' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.15.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2128,7 +2110,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\FilterAdministratorToken' AND data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2147,7 +2129,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\ConsentPromptBehaviorAdmin' AND data == 2);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2166,7 +2148,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\ConsentPromptBehaviorUser' AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.3
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2185,7 +2167,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\EnableInstallerDetection' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.4
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2206,7 +2188,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\EnableSecureUIAPaths' and data == '1');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.5
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2225,7 +2207,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\EnableLUA' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.6
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -2244,7 +2226,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\PromptOnSecureDesktop' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.7 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -2267,7 +2249,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\EnableVirtualization' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.17.8 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -2286,7 +2268,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BTAGService\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.1 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2305,7 +2287,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bthserv\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.2 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2327,7 +2309,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Browser\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -2345,7 +2327,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MapsBroker\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.4 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2364,7 +2346,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lfsvc\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.5 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2389,7 +2371,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IISADMIN\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.6 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -2411,7 +2393,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\irmon\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.7 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -2430,7 +2412,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.8 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -2449,7 +2431,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lltdsvc\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.9 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2472,7 +2454,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LxssManager\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.10 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -2495,7 +2477,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FTPSVC\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.11 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -2514,7 +2496,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSiSCSI\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.12 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -2537,7 +2519,7 @@ spec: OR EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sshd\\Start' AND data == 4 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.13 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -2556,7 +2538,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPsvc\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.14
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2575,7 +2557,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2psvc\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.15
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2594,7 +2576,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2pimsvc\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.16
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2613,7 +2595,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPAutoReg\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.17
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2632,7 +2614,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Spooler\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.18
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2651,7 +2633,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wercplsupport\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.19
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2670,7 +2652,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAuto\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.20
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2689,7 +2671,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SessionEnv\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.21
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2708,7 +2690,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TermService\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.22
+ tags: compliance, CIS, CIS_Level2
 contributors: sharon-fdm
 ---
 apiVersion: v1
@@ -2726,7 +2708,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UmRdpService\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.23
+ tags: compliance, CIS, CIS_Level2
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -2746,7 +2728,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcLocator\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.24 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2764,7 +2746,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteRegistry\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.25 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -2782,7 +2764,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteAccess\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.26 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2800,7 +2782,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.27 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -2822,7 +2804,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.28 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2844,7 +2826,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.29 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 
@@ -2866,7 +2848,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.30 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2885,7 +2867,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SSDPSRV\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.31 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2903,7 +2885,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\upnphost\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.32 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2925,7 +2907,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.33 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -2945,7 +2927,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WerSvc\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.34 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -2965,7 +2947,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wecsvc\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.35 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 
@@ -2987,7 +2969,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.36 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3005,7 +2987,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\icssvc\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.37 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3023,7 +3005,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WpnService\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.38 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -3041,7 +3023,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PushToInstall\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.39 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -3061,7 +3043,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinRM\\Start' AND data == 4); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_5.40 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -3083,7 +3065,7 @@ spec: ELSE 0 END AS result; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.41 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -3101,7 +3083,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\XboxGipSvc\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.42
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -3119,7 +3101,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\XblAuthManager\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.43
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -3137,7 +3119,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\XblGameSave\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.44
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -3155,7 +3137,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\XboxNetApiSvc\\Start' AND data == 4);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_5.45
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -3174,7 +3156,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall' and data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.1
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3193,7 +3175,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\\Policies\\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction' and data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.2
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3212,7 +3194,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction' and data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.3
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3231,7 +3213,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications' and data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.4
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3250,7 +3232,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFilePath' and data = '%SystemRoot%\System32\logfiles\firewall\domainfw.log');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.5
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3269,7 +3251,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\\Microsoft\WindowsFirewall\DomainProfile\Logging\LogFileSize' and CAST(data as integer) >= 16384 );
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.6
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3288,7 +3270,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogDroppedPackets' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.7
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3307,7 +3289,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\LogSuccessfulConnections' and data = 1 );
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.1.8
+ tags: compliance, CIS, CIS_Level1
 contributors: DefensiveDepth
 ---
 apiVersion: v1
@@ -3326,7 +3308,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\EnableFirewall' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.1
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3345,7 +3327,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\DefaultInboundAction' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.2
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3364,7 +3346,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\DefaultOutboundAction' and data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.3
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3383,7 +3365,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\DisableNotifications' and data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.4
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3402,7 +3384,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging\LogFilePath' AND data ='%systemroot%\system32\logfiles\firewall\pfirewall.log');
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.5
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3421,7 +3403,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging\LogFileSize' and CAST(data AS INTEGER) >= 16384 );
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.6
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
@@ -3440,7 +3422,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging\LogDroppedPackets' and data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.7
+ tags: compliance, CIS, CIS_Level1
 contributors: RachelElysia
 ---
 apiVersion: v1
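Review bot: The expected value of `DisableNotifications` is not consistent across the firewall profiles: the DomainProfile query in the 9.1.4 hunk passes on `data = 1`, while this PrivateProfile query and the PublicProfile query in the 9.3.4 hunk pass on `data == 0`. Unless the benchmark really asks for opposite settings per profile, one side is inverted and reports the wrong hosts as compliant. Please check the three queries against the benchmark text and align them, and add a short YAML comment above each query stating the expected setting so the value can be reviewed without the benchmark at hand.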
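Review bot: The log-path check `data ='%systemroot%\system32\logfiles\firewall\pfirewall.log'` is a case-sensitive string equality in SQLite, so a host that stores the same path as `%SystemRoot%\System32\...` fails the policy although the setting is equivalent. Adding `COLLATE NOCASE` to the `data` comparison, as the 2.3.11.x queries already do for `path`, avoids that; the 9.1.5 and 9.3.7 hunks have the same exact-case comparison. The file name also breaks the pattern of the other two profiles (`domainfw.log`, `publicfw.log`), so it is worth confirming that `pfirewall.log` is the intended value.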
@@ -3459,7 +3441,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging\LogSuccessfulConnections' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.2.8 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3478,7 +3460,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\EnableFirewall' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.1 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3497,7 +3479,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\DefaultInboundAction' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.2 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3516,7 +3498,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\DefaultOutboundAction' and data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.3 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3535,7 +3517,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\DisableNotifications' and data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.4 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 
@@ -3554,7 +3536,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\AllowLocalPolicyMerge' and data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.5 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3573,7 +3555,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\AllowLocalIPsecPolicyMerge' and data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.6 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3592,7 +3574,7 @@ spec: query: | SELECT * FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogFilePath' and data == '%SystemRoot%\System32\logfiles\firewall\publicfw.log'); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.7 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3611,7 +3593,7 @@ spec: query: | SELECT * FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogFileSize' and data >= 16384 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.8 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3632,7 +3614,7 @@ spec: query: | SELECT * FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogDroppedPackets' and data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.9 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 
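Review bot: The Public-profile `LogFilePath` query filters on `key = '...\\PublicProfile\\Logging\LogFilePath'`, whereas every other registry query visible in this diff filters on `path`. In osquery's `registry` table `key` is the containing key and `path` is the full path including the value name, so with the value name appended this predicate would presumably match no row and the policy could never pass. The same applies to the `LogFileSize` and `LogDroppedPackets` hunks on this line and to the `LogSuccessfulConnections` hunk that follows; the first three also use `SELECT *` where the rest of the file uses `SELECT 1`. Suggested form, with the existing path string unchanged: `SELECT 1 FROM registry WHERE (path = '...' AND data == ...);`.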
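Review bot: The Public-profile `LogFileSize` query compares `data >= 16384` directly, while the Private-profile query for the same setting uses `CAST(data AS INTEGER) >= 16384`. If `data` is a text column, as that cast suggests, the uncast comparison is lexical, so a value such as `4096` sorts above `16384` and an undersized log would pass the check. The same uncast range comparison appears in later hunks: `PasswordLength' AND data >= 15`, `PasswordAgeDays' AND data <= 30`, `ScreenSaverGracePeriod' AND data <= 5` and `WarningLevel' AND data <= 90`. Each should take the form `CAST(data AS INTEGER) >= 16384`.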
@@ -3651,7 +3633,7 @@ spec: query: | SELECT 1 FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging\LogSuccessfulConnections' and data == 1 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_9.3.10 + tags: compliance, CIS, CIS_Level1 contributors: RachelElysia --- apiVersion: v1 @@ -3672,7 +3654,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/AccountLogon_AuditCredentialValidation" AND mdm_command_output = "3"; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.1.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -3693,7 +3675,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/AccountManagement_AuditApplicationGroupManagement" AND mdm_command_output = "3"; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.2.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -3714,7 +3696,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/AccountManagement_AuditSecurityGroupManagement" AND (mdm_command_output = "1" OR mdm_command_output = "3"); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.2.2 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -3736,7 +3718,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/AccountManagement_AuditUserAccountManagement" AND mdm_command_output = "3"; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.2.3 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 
@@ -3759,7 +3741,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/DetailedTracking_AuditPNPActivity" AND (mdm_command_output = "1" OR mdm_command_output = "3"); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.3.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -3780,7 +3762,7 @@ spec: "1./Device/Vendor/MSFT/Policy/Result/Audit/DetailedTracking_AuditProcessCreation" AND (mdm_command_output = "1" OR mdm_command_output = "3"); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.3.2 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -3799,7 +3781,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.1" AND (regex_match(value,".*(?=.*Failure).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3817,7 +3799,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.2" AND (regex_match(value,".*(?=.*Success).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3837,7 +3819,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.3" AND (regex_match(value,".*(?=.*Success).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.3 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -3859,7 +3841,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.4" AND (regex_match(value,".*(?=.*Success)(?=.*Failure).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.4 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3887,7 +3869,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.5" AND (regex_match(value,".*(?=.*Success)(?=.*Failure).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.5 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3906,7 +3888,7 @@ spec: query: | SELECT 1 FROM cis_audit where item = "17.5.6" AND (regex_match(value,".*(?=.*Success).*",0) is not null); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.5.6 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -3927,7 +3909,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/ObjectAccess_AuditDetailedFileShare" AND (mdm_command_output = 2 OR mdm_command_output = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.6.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -3947,7 +3929,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/ObjectAccess_AuditFileShare" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.6.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -3977,7 +3959,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/ObjectAccess_AuditOtherObjectAccessEvents" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.6.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -3997,7 +3979,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/ObjectAccess_AuditRemovableStorage" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.6.4 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4026,7 +4008,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PolicyChange_AuditPolicyChange" AND (mdm_command_output = 1 OR mdm_command_output = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.7.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4057,7 +4039,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PolicyChange_AuditAuthenticationPolicyChange" AND (mdm_command_output = 1 OR mdm_command_output = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.7.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4082,7 +4064,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PolicyChange_AuditAuthorizationPolicyChange" AND (mdm_command_output = 1 OR mdm_command_output = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.7.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -4116,7 +4098,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.7.4 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4153,7 +4135,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PrivilegeUse_AuditSensitivePrivilegeUse" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.8.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4184,7 +4166,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/System_AuditIPsecDriver" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.9.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4217,7 +4199,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/System_AuditOtherSystemEvents" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.9.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4242,7 +4224,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/System_AuditSecurityStateChange" AND (mdm_command_output = 3 OR mdm_command_output = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.9.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -4267,7 +4249,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/System_AuditSecuritySystemExtension" AND (mdm_command_output = 3 OR mdm_command_output = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.9.4 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4297,7 +4279,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/System_AuditSystemIntegrity" AND mdm_command_output = 3; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.9.5 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4327,7 +4309,7 @@ spec: SELECT 1 FROM mdm_bridge where mdm_command_input = "1./Device/Vendor/MSFT/Policy/Result/Audit/PolicyChange_AuditOtherPolicyChangeEvents" AND (mdm_command_output = 2 OR mdm_command_output = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_17.7.5 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4346,7 +4328,7 @@ spec: query: | SELECT 1 FROM registry where (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\NoLockScreenCamera' AND data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.1.1.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -4365,7 +4347,7 @@ spec: query: | SELECT 1 FROM registry where (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\NoLockScreenSlideshow' AND data == 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.1.1.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -4384,7 +4366,7 @@ spec: query: | SELECT 1 FROM registry where (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization\AllowInputPersonalization' AND data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.1.2.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -4403,7 +4385,7 @@ spec: query: | SELECT 1 FROM registry where (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\AllowOnlineTips' AND data == 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.1.3 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -4425,7 +4407,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}\DllName'; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4447,7 +4429,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd\PwdExpirationProtectionEnabled' AND data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4469,7 +4451,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft Services\\AdmPwd\\AdmPwdEnabled' AND data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
@@ -4490,7 +4472,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft Services\\AdmPwd\\PasswordComplexity' AND data = 4; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.4 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4511,7 +4493,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft Services\\AdmPwd\\PasswordLength' AND data >= 15; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.5 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4533,7 +4515,7 @@ spec: query: | SELECT 1 FROM registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft Services\\AdmPwd\\PasswordAgeDays' AND data <= 30; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.2.6 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -4556,7 +4538,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\LocalAccountTokenFilterPolicy' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.1, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4575,7 +4557,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MrxSmb10\Start' AND data = 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.2, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4594,7 +4576,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\SMB1' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.3, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4613,26 +4595,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\kernel\DisableExceptionChainValidation' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.4, CIS_group_policy_template_required - contributors: rachelelysia ---- -apiVersion: v1 -kind: policy -spec: - name: > - CIS - Ensure 'Limits print driver installation to Administrators' is set to 'Enabled' - platforms: win10 - platform: windows - description: | - This policy setting controls whether users that aren't Administrators can install print drivers on the system. - resolution: | - To establish the recommended configuration via GP, set the following UI path to Enabled. - 'Computer Configuration\Policies\Administrative Templates\MS Security Guide\Limits print driver installation to Administrators' - Note: This Group Policy path does not exist by default. An additional Group Policy template (SecGuide.admx/adml) is required - it is available from Microsoft at this link (https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1903-and-windows-server/ba-p/701084). - query: | - SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\RestrictDriverInstallationToAdministrators' AND data = 1); - purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.5, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4656,7 +4619,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\NodeType' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.6, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4677,7 +4640,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\UseLogonCredential' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.3.7, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4696,11 +4659,30 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\AutoAdminLogon' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.1, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 kind: policy +spec: + name: > + CIS - Ensure 'Configure RPC packet level privacy setting for incoming connections' is set to 'Enabled' + platforms: win10 + platform: windows + description: | + This policy setting controls packet level privacy for Remote Procedure Call (RPC) incoming connections. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled': + 'Computer Configuration\Policies\Administrative Templates\MS Security Guide\Configure RPC packet level privacy setting for incoming connections' + Note: This Group Policy path does not exist by default. An additional Group Policy template (SecGuide.admx/adml) is required - it is available from Microsoft. + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\RpcAuthnLevelPrivacyEnabled' AND (data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: defensivedepth +--- +apiVersion: v1 +kind: policy spec: name: > CIS - Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' 
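Review bot: The added `RpcAuthnLevelPrivacyEnabled` query writes the separator before the value name as `\\` (`...\\Control\\Print\\RpcAuthnLevelPrivacyEnabled`), while the neighbouring queries and the `RunAsPPL` policy added later in this commit use a single `\` there (`Winlogon\AutoAdminLogon`, `Lsa\RunAsPPL`). Inside a `query: |` block scalar YAML passes backslashes through verbatim, so the two forms reach osquery as different strings; whether both match is not visible from the diff. It is worth running the policy against a host with the setting applied and, if it cannot pass, using `...\\Control\\Print\RpcAuthnLevelPrivacyEnabled`. The `contributors` value is also lower-case here (`defensivedepth`) but `DefensiveDepth` elsewhere in the file.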
@@ -4715,7 +4697,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\DisableIPSourceRouting' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.2, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4734,7 +4716,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\DisableIPSourceRouting' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.3, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4753,7 +4735,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasMan\\Parameters\DisableSavePassword' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.4, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4772,27 +4754,27 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\EnableICMPRedirect' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.5, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 kind: policy spec: name: > - CIS - Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' + CIS - Ensure 'LSA Protection' is set to 'Enabled' platforms: win10 platform: windows description: | - This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. + This policy setting controls whether the Local Security Authority Server Service (LSASS) process runs protected. The Local Security Authority (LSA), which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies. resolution: | - To establish the recommended configuration via GP, set the following UI path to 'Enabled: 300,000 or 5 minutes (recommended)': - 'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' - Note: This Group Policy path does not exist by default. 
An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319) + To establish the recommended configuration via GP, set the following UI path to 'Enabled': + 'Computer Configuration\Policies\Administrative Templates\MS Security Guide\LSA Protection' + Note: This Group Policy path does not exist by default. An additional Group Policy template (SecGuide.admx/adml) is required - it is available from Microsoft. query: | - SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\KeepAliveTime' AND data = 300000); + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\RunAsPPL' AND (data = 1)); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.6, CIS_group_policy_template_required - contributors: rachelelysia + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth --- apiVersion: v1 kind: policy @@ -4810,7 +4792,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\NoNameReleaseOnDemand' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.7, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4829,7 +4811,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\PerformRouterDiscovery' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.8, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4853,7 +4835,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\SafeDllSearchMode' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.9, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4872,7 +4854,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\ScreenSaverGracePeriod' AND data <= 5); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.10, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -4891,7 +4873,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6\\Parameters\TcpMaxDataRetransmissions' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.11, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4910,7 +4892,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\TcpMaxDataRetransmissions' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.12, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -4929,31 +4911,11 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Security\WarningLevel' AND data <= 90); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.4.13, CIS_group_policy_template_required + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 kind: policy -spec: - name: > - CIS - Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher - platforms: win11 - platform: windows - description: | - This policy is meant for Windows 11. - This setting determines if DNS over HTTPS (DoH) is used by the system. DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution over the Hypertext Transfer Protocol Secure (HTTPS). For additional information on DNS over HTTPS (DoH), visit: Secure DNS Client over HTTPS (DoH) on Windows Server 2022 | Microsoft Docs. - The recommended state for this setting is: 'Enabled: Allow DoH'. Configuring this setting to 'Enabled: Require DoH' also conforms to the benchmark. - resolution: | - To establish the recommended configuration via GP, set the following UI path to Enabled: Allow DoH (configuring to Enabled: Require DoH also conforms to the benchmark): - 'Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Configure DNS over HTTPS (DoH) name resolution' - query: | - SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DoHPolicy' AND data = 2); - purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.4.1 - contributors: marcosd4h ---- -apiVersion: v1 -kind: policy spec: name: > CIS - Ensure 'Turn off multicast name resolution' is set to 'Enabled' 
@@ -4968,7 +4930,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.4.2 + tags: compliance, CIS, CIS_Level1 contributors: DefensiveDepth --- apiVersion: v1 
@@ -4987,11 +4949,30 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\EnableFontProviders' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.5.1 + tags: compliance, CIS, CIS_Level2 contributors: DefensiveDepth --- apiVersion: v1 kind: policy +spec: + name: > + CIS - Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' + platforms: win10 + platform: windows + description: | + This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: 300,000 or 5 minutes (recommended)': + 'Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' + Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from the Security Compliance Toolkit 1.0 (https://www.microsoft.com/en-us/download/details.aspx?id=55319) + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\KeepAliveTime' AND data = 300000); + purpose: Informational + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required + contributors: rachelelysia +--- +apiVersion: v1 +kind: policy spec: name: > CIS - Ensure 'Enable insecure guest logons' is set to 'Disabled' 
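Review bot: The new KeepAliveTime entry is an 'MSS (Legacy)' setting, but it is inserted between the font-providers and insecure-guest-logon policies, away from the other MSS entries such as TcpMaxDataRetransmissions earlier in the file. Because this commit also drops the `CIS_bullet_*` tags, file position is presumably the main remaining cue for mapping an entry to its benchmark section. Moving the entry next to its MSS siblings would make it easier to audit.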
@@ -5006,7 +4987,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\AllowInsecureGuestAuth' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.8.1 + tags: compliance, CIS, CIS_Level1 contributors: DefensiveDepth --- apiVersion: v1 @@ -5025,7 +5006,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD\EnableLLTDIO' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.9.1 + tags: compliance, CIS, CIS_Level2 contributors: DefensiveDepth --- apiVersion: v1 @@ -5044,7 +5025,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD\EnableRspndr' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.9.2 + tags: compliance, CIS, CIS_Level2 contributors: DefensiveDepth --- apiVersion: v1 @@ -5063,7 +5044,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet\Disabled' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.10.2 + tags: compliance, CIS, CIS_Level2 contributors: DefensiveDepth --- apiVersion: v1 @@ -5082,7 +5063,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.2 + tags: compliance, CIS, CIS_Level1 contributors: DefensiveDepth --- apiVersion: v1 
@@ -5101,7 +5082,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.3 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -5120,7 +5101,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.4 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -5138,7 +5119,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\RegisterSpoolerRemoteRpcEndPoint' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5156,7 +5137,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\PointAndPrint\\NoWarningNoElevationOnInstall' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -5174,11 +5155,29 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\PointAndPrint\\UpdatePromptSettings' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.6.3 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 kind: policy +spec: + name: > + CIS - Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' + platforms: win10 + platform: windows + description: | + This policy setting specifies if the Domain Name System (DNS) client will perform name resolution over Network Basic Input/Output System (NetBIOS). NetBIOS is a legacy name resolution method for internal Microsoft networking that predates the use of DNS for that purpose (pre–Active Directory). Some legacy applications still require the use of NetBIOS for full functionality. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: Disable NetBIOS name resolution on public networks': + 'Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Configure NetBIOS settings' + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient\\EnableNetbios' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1 + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy spec: name: > CIS - Ensure 'Turn off notifications network usage' is set to 'Enabled' 
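Review bot: The added NetBIOS query accepts only `data = 0` for `EnableNetbios`, while the policy name asks for 'Enabled: Disable NetBIOS name resolution on public networks'. As far as I know the DNS Client template writes 2 for the public-networks option and 0 for disabling NetBIOS everywhere, so a host configured exactly as the title recommends would be reported as failing; this should be confirmed against the benchmark's audit section. If that mapping holds, the predicate should be `AND data IN (0, 2)`.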
@@ -5192,7 +5191,140 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications\NoCloudApplicationNotification' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.7.1.1 + tags: compliance, CIS, CIS_Level2 + contributors: rachelelysia +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' + platforms: win10 + platform: windows + description: | + This policy setting determines whether Redirection Guard is enabled for the print spooler. Redirection Guard can prevent file redirections from being used within the print spooler. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: Redirection Guard Enabled': + 'Computer Configuration\Policies\Administrative Templates\Printers\Configure Redirection Guard' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\RedirectionGuardPolicy' AND (data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Configure RPC connection settings: Protocol to use for outgoing RPC connections' is set to 'Enabled: RPC over TCP' + platforms: win10 + platform: windows + description: | + This policy setting controls which protocol and protocol settings to use for outgoing Remote Procedure Call (RPC) connections to a remote print spooler. 
+ resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: RPC over TCP': + 'Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC connection settings: Protocol to use for outgoing RPC connections' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\RPC\RpcUseNamedPipeProtocol' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1 + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default' + platforms: win10 + platform: windows + description: | + This policy setting controls which protocol and protocol settings to use for outgoing Remote Procedure Call (RPC) connections to a remote print spooler. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: RPC over TCP': + 'Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC connection settings: Use authentication for outgoing RPC connections' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer). 
+ query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\RPC\RpcAuthentication' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' + platforms: win10 + platform: windows + description: | + This policy setting controls which protocols incoming Remote Procedure Call (RPC) connections to the print spooler are allowed to use. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: RPC over TCP': + 'Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC listener settings: Configure protocol options for incoming RPC connections' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\RPC\RpcProtocols' AND (data = 5)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Configure RPC listener settings: Authentication protocol to use for incoming RPC connections:' is set to 'Enabled: Negotiate' or higher + platforms: win10 + platform: windows + description: | + This policy setting controls which protocols incoming Remote Procedure Call (RPC) connections to the print spooler are allowed to use. 
+ resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: Negotiate': + 'Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC listener settings: Configure protocol options for incoming RPC connections' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\RPC\ForceKerberosForRpc' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' + platforms: win10 + platform: windows + description: | + This policy setting manages how queue-specific files are processed during printer installation. At printer installation time, a vendor-supplied installation application can specify a set of files, of any type, to be associated with a particular print queue. The files are downloaded to each client that connects to the print server. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: Limit Queue-specific files to Color profiles': + 'Computer Configuration\Policies\Administrative Templates\Printers\Manage processing of Queue-specific files' + Note: This Group Policy path is provided by the Group Policy template Printing.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (and newer). 
+ query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\CopyFilesPolicy' AND (data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Limits print driver installation to Administrators' is set to 'Enabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether users that aren't Administrators can install print drivers on the system. + resolution: | + To establish the recommended configuration via GP, set the following UI path to Enabled. + 'Computer Configuration\Policies\Administrative Templates\MS Security Guide\Limits print driver installation to Administrators' + Note: This Group Policy path does not exist by default. An additional Group Policy template (SecGuide.admx/adml) is required - it is available from Microsoft at this link (https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1903-and-windows-server/ba-p/701084). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\RestrictDriverInstallationToAdministrators' AND data = 1); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5210,7 +5342,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Audit\ProcessCreationIncludeCmdLine_Enabled' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.3.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
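Review bot: The 'Authentication protocol to use for incoming RPC connections' entry is titled "'Enabled: Negotiate' or higher", but its query tests `ForceKerberosForRpc` with `data = 0` only, so a host set to the stricter option would be reported as failing. If the template stores the Kerberos option as 1 (to be confirmed against the benchmark's audit text), the predicate should read `AND data IN (0, 1)`. In the same hunk, the 'Use authentication for outgoing RPC connections' entry is named 'Enabled: Default', yet its resolution says to set the path to 'Enabled: RPC over TCP' and its description repeats the protocol entry's text; the resolution should read `set the following UI path to 'Enabled: Default':`. The 'Protocol to use for outgoing RPC connections' entry carries the same Printing.admx note as its siblings but lacks their `CIS_group_policy_template_required` tag.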
@@ -5228,7 +5360,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\CredSSP\\Parameters\AllowEncryptionOracle' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.4.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5246,7 +5378,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CredentialsDelegation\AllowProtectedCreds' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.4.2 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -5264,7 +5396,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\EnableVirtualizationBasedSecurity' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.1 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -5282,7 +5414,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\RequirePlatformSecurityFeatures' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.2 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -5300,7 +5432,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\HypervisorEnforcedCodeIntegrity' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.3 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 
@@ -5318,7 +5450,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\HVCIMATRequired' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.4 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -5336,7 +5468,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\LsaCfgFlags' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.5 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5354,7 +5486,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard\ConfigureSystemGuardLaunch' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.5.6 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -5374,7 +5506,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\DenyDeviceIDs' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.1 + tags: compliance, CIS, CIS_BitLocker contributors: rachelelysia --- apiVersion: v1 @@ -5394,7 +5526,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyDeviceIDs\1' AND data = 'PCI\CC_0C0A'); purpose: Informational - tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.2 + tags: compliance, CIS, CIS_BitLocker contributors: rachelelysia --- apiVersion: v1 
@@ -5414,7 +5546,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\DenyDeviceIDsRetroactive' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.3 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5434,7 +5566,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\DenyDeviceClasses' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.4 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5454,7 +5586,7 @@ spec: query: | SELECT data FROM registry WHERE ((key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyDeviceClasses\' AND data IN ('{d48179be-ec20-11d1-b6b8-00c04fa372a7}', '{7ebefbc0-3200-11d2-b4c2-00a0C9697d07}', '{c06ff265-ae09-48f0-812c-16753d7cba83}', '{6bdd1fc1-810f-11d0-bec7-08002be2092f}')) AND ((SELECT COUNT(*) FROM registry WHERE (key = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\\DenyDeviceClasses\' AND data IN ('{d48179be-ec20-11d1-b6b8-00c04fa372a7}', '{7ebefbc0-3200-11d2-b4c2-00a0C9697d07}', '{c06ff265-ae09-48f0-812c-16753d7cba83}', '{6bdd1fc1-810f-11d0-bec7-08002be2092f}'))))=4); purpose: Informational - tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.5 + tags: compliance, CIS, CIS_BitLocker contributors: rachelelysia --- apiVersion: v1 
@@ -5474,7 +5606,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions\DenyDeviceClassesRetroactive' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.1.6 + tags: compliance, CIS, CIS_BitLocker contributors: rachelelysia --- apiVersion: v1 @@ -5492,7 +5624,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata\PreventDeviceMetadataFromNetwork' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.7.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5516,7 +5648,7 @@ spec: query: | SELECT 1 FROM REGISTRY WHERE (PATH = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\EarlyLaunch\DriverLoadPolicy' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.14.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -5535,7 +5667,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Group Policy\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.21.2 + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -5554,7 +5686,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Group Policy\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_domain_joined_required, CIS_bullet_18.8.21.3 + tags: compliance, CIS, CIS_Level1, CIS_domain_joined_required contributors: marcosd4h --- apiVersion: v1 @@ -5573,7 +5705,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\EnableCdp' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_domain_joined_required, CIS_bullet_18.8.21.4 + tags: compliance, CIS, CIS_Level1, CIS_domain_joined_required contributors: marcosd4h --- apiVersion: v1 @@ -5598,7 +5730,7 @@ spec: NOT EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableBkGndGroupPolicy' AND data = 1 ) ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_domain_joined_required, CIS_bullet_18.8.21.5 + tags: compliance, CIS, CIS_Level1, CIS_domain_joined_required contributors: marcosd4h --- apiVersion: v1 @@ -5617,7 +5749,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\NoUseStoreOpenWith' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.1 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -5636,7 +5768,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\DisableWebPnPDownload' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.2 + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5656,7 +5788,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TabletPC\PreventHandwritingDataSharing' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.3 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5676,7 +5808,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\HandwritingErrorReports\PreventHandwritingErrorReports' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.4 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5695,7 +5827,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Internet Connection Wizard\ExitOnMSICW' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.5 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -5714,7 +5846,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\NoWebServices' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.6 + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5733,7 +5865,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\DisableHTTPPrinting' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.7 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5752,7 +5884,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Registration Wizard Control\NoRegistration' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.8 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5771,7 +5903,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SearchCompanion\DisableContentFileUpdates' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.9 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -5791,7 +5923,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\NoOnlinePrintsWizard' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.10 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5809,7 +5941,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\NoPublishingWizard' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.11 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5827,7 +5959,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Messenger\\Client\CEIP' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.12 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5846,7 +5978,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SQMClient\\Windows\CEIPEnable' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.13 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
@@ -5864,7 +5996,7 @@ spec: query: | SELECT COUNT(*) FROM registry WHERE ((path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting\Disabled' AND data = 1) OR (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\PCHealth\\ErrorReporting\DoReport' AND data = 0))=2; purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.22.1.14 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5884,7 +6016,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\kerberos\\parameters\DevicePKInitBehavior' AND data = 0) AND (SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\kerberos\\parameters\DevicePKInitEnabled' AND data = 1)); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.25.1 + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 @@ -5903,7 +6035,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Kernel DMA Protection\DeviceEnumerationPolicy' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.26.1 + tags: compliance, CIS, CIS_BitLocker, CIS_group_policy_template_required contributors: rachelelysia --- apiVersion: v1 
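Review bot: The Windows Error Reporting query on the context line of the first hunk here (`SELECT COUNT(*) FROM registry WHERE ((...) OR (...))=2;`) compares the boolean result of the OR with 2, which is never true, and an aggregate without GROUP BY still returns one row. If a policy passes whenever its query returns a row, as the `SELECT 1` pattern in the rest of the file suggests, this check passes on every host regardless of the two registry values. The commit only touches the tags here, but the count should be moved into a subquery, along the lines of `SELECT 1 WHERE (SELECT COUNT(*) FROM registry WHERE (<first condition>) OR (<second condition>)) = 2;`. The policy's YAML document starts outside the hunk.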
@@ -5922,7 +6054,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Control Panel\\International\BlockUserInputMethodsForSignIn' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_group_policy_template_required, CIS_bullet_18.8.27.1
+ tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -5940,7 +6072,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\BlockUserFromShowingAccountDetailsOnSignin' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -5958,7 +6090,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\DontDisplayNetworkSelectionUI' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -5976,7 +6108,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\DontEnumerateConnectedUsers' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.3
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -5994,7 +6126,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\EnumerateLocalUsers' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.4
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6012,7 +6144,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\DisableLockScreenAppNotifications' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.5
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6030,7 +6162,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\BlockDomainPicturePassword' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.6
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6048,7 +6180,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\AllowDomainPINLogon' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.28.7
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6066,7 +6198,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\AllowCrossDeviceClipboard' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.31.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6084,7 +6216,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\UploadUserActivities' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.31.2
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6102,7 +6234,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\f15576e8-98b7-4186-b944-eafa664402d9\DCSettingIndex' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6120,7 +6252,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\f15576e8-98b7-4186-b944-eafa664402d9\ACSettingIndex' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6138,7 +6270,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndex' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.3
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6156,7 +6288,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\abfc2519-3608-4c2a-94ea-171b0ed546ab\ACSettingIndex' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.4
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6174,7 +6306,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.5
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6192,7 +6324,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.34.6.6
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6210,7 +6342,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\fAllowUnsolicited' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.36.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6228,7 +6360,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\fAllowToGetHelp' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.36.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6247,7 +6379,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Rpc\EnableAuthEpResolution' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.37.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6271,7 +6403,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Rpc\RestrictRemoteClients' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.37.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6290,7 +6422,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\ScriptedDiagnosticsProvider\\Policy\DisableQueryRemoteServer' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.48.5.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6309,7 +6441,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft\\Windows\\WDI\\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.48.11.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6328,7 +6460,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft\\Windows\\AdvertisingInfo\DisabledByGroupPolicy' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.50.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6347,7 +6479,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft\\W32Time\\TimeProviders\\NtpClient\Enabled' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.53.1.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6366,7 +6498,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\W32Time\\TimeProviders\\NtpServer' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.8.53.1.2
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6386,7 +6518,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\AppModel\\StateManager\\AllowSharedLocalAppData' AND data == 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.4.1
+ tags: compliance, CIS, CIS_Level2
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6404,7 +6536,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\BlockNonAdminUserInstall' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.4.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6422,7 +6554,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy\\LetAppsActivateWithVoiceAboveLock' AND data == 2);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.5.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6441,7 +6573,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\MSAOptional' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.6.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6459,7 +6591,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\BlockHostedAppAccessWinRT' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.6.2
+ tags: compliance, CIS, CIS_Level2
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6477,7 +6609,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\NoAutoplayfornonVolume' AND data != 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.8.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6496,7 +6628,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoAutorun' AND data == 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.8.2
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6515,7 +6647,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDriveTypeAutoRun' AND data == 255);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.8.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -6534,7 +6666,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\FacialFeatures\EnhancedAntiSpoofing' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.10.1.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6553,7 +6685,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVDiscoveryVolumeType' AND data = '');
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.1
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6577,7 +6709,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVRecovery' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.2
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6597,7 +6729,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft\\FVE\FDVManageDRA' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.3
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6617,7 +6749,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVRecoveryPassword' AND data = 2);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.4
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6637,7 +6769,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVRecoveryKey' AND data = 2);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.5
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6657,7 +6789,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVHideRecoveryPage' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.6
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6677,7 +6809,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVActiveDirectoryBackup' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.7
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6697,7 +6829,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVActiveDirectoryInfoToStore' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.8
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6717,7 +6849,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVRequireActiveDirectoryBackup' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.9
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6737,7 +6869,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVHardwareEncryption' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.10
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6757,7 +6889,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVPassphrase' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.11
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6777,7 +6909,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\Microsoft\\FVE\FDVAllowUserCert' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.12
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6797,7 +6929,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\FDVEnforceUserCert' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.1.13
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6817,7 +6949,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\UseEnhancedPin' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.1
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6837,7 +6969,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSAllowSecureBootForIntegrity' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.2
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6861,7 +6993,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSRecovery' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.3
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6881,7 +7013,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSManageDRA' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.4
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6901,7 +7033,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSRecoveryPassword' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.5
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6921,7 +7053,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSRecoveryKey' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.6
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6941,7 +7073,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSHideRecoveryPage' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.7
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6961,7 +7093,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSActiveDirectoryBackup' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.8
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -6981,7 +7113,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSActiveDirectoryInfoToStore' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.9
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7001,7 +7133,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSRequireActiveDirectoryBackup' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.10
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7021,7 +7153,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSHardwareEncryption' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.11
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7041,7 +7173,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\OSPassphrase' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.12
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7060,7 +7192,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\UseAdvancedStartup' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.13
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7079,7 +7211,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\EnableBDEWithNoTPM' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.2.14
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7098,7 +7230,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVDiscoveryVolumeType' AND data = '');
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.1
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7122,7 +7254,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVRecovery' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.2
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7142,7 +7274,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVManageDRA' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.3
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7162,7 +7294,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVRecoveryPassword' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.4
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7182,7 +7314,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVRecoveryKey' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.5
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7202,7 +7334,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVHideRecoveryPage' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.6
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7222,7 +7354,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVActiveDirectoryBackup' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.7
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7242,7 +7374,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVActiveDirectoryInfoToStore' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.8
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7262,7 +7394,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVRequireActiveDirectoryBackup' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.9
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7282,7 +7414,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVHardwareEncryption' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.10
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7301,7 +7433,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVPassphrase' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.11
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7321,7 +7453,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVAllowUserCert' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.12
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7341,7 +7473,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVEnforceUserCert' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.13
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7361,7 +7493,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FVE\RDVDenyWriteAccess' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.14
+ tags: compliance, CIS, CIS_BitLocker
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -7380,7 +7512,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\RDVDenyCrossOrg' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.15
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7399,7 +7531,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\DisableExternalDMAUnderLock' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.4
+ tags: compliance, CIS, CIS_BitLocker
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7418,7 +7550,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Camera\AllowCamera' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.12.1
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7436,7 +7568,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\\Windows\\CloudContent\DisableConsumerAccountStateContent' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.14.1
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -7454,7 +7586,7 @@ spec:
 query: |
 Select 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent\DisableCloudOptimizedContent' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.14.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7472,7 +7604,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent\DisableWindowsConsumerFeatures' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.14.3
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7490,7 +7622,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\Windows\\Connect\RequirePinForPairing' AND data = 2);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.15.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7508,7 +7640,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CredUI\DisablePasswordReveal' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.16.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7526,7 +7658,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI\EnumerateAdministrators' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.16.2
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7544,7 +7676,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\NoLocalPasswordResetQuestions' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.16.3
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7566,7 +7698,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\AllowTelemetry' AND (data = 0 OR data = 1));
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7584,7 +7716,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\DisableEnterpriseAuthProxy' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.2
+ tags: compliance, CIS, CIS_Level2
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7603,7 +7735,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\\DisableOneSettingsDownloads' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.3
+ tags: compliance, CIS, CIS_Level1
 contributors: marcosd4h
 ---
 apiVersion: v1
@@ -7621,7 +7753,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\DoNotShowFeedbackNotifications' AND data = 1);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.4
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
@@ -7640,7 +7772,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\\EnableOneSettingsAuditing' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.5 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -7659,7 +7791,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\\LimitDiagnosticLogCollection' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.6 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -7678,7 +7810,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\LimitDumpCollection' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.7 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -7696,7 +7828,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds\AllowBuildPreview' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.8 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -7721,11 +7853,30 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization\DODownloadMode' AND data = 3);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.18.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: >
+ CIS - Ensure 'Allow Custom SSPs and APs to be loaded into LSASS' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting controls the configuration under which the Local Security Authority Subsystem Service (LSASS) will load custom Security Support Provider/Authentication Package (SSP/AP).
+ resolution: |
+ To establish the recommended configuration via GP, set the following UI path to Disabled:
+ 'Computer Configuration\Policies\Administrative Templates\System\Local Security Authority\Allow Custom SSPs and APs to be loaded into LSASS'
+
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\Policies\\Microsoft\\Windows\\System\\AllowCustomSSPsAPs' AND data = 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1
+ contributors: DefensiveDepth
+---
+apiVersion: v1
+kind: policy
 spec:
 name: >
 CIS - Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
@@ -7741,7 +7892,7 @@ spec:
 query: |
 SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\Policies\\Microsoft\\Windows\\EventLog\\Application\Retention' AND data = 0);
 purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.1.1
+ tags: compliance, CIS, CIS_Level1
 contributors: rachelelysia
 ---
 apiVersion: v1
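Review bot: The added `AllowCustomSSPsAPs` query writes its registry path with mixed separators: `SOFTWARE\Policies` has a single backslash while every other component uses `\\`. Backslashes are literal inside a YAML `|` block scalar, so the two forms reach the query engine as different text; whether the registry table normalises them is not visible in this diff, and if it does not, the check returns no row and the policy reports failing on every host. I would write the path uniformly as `'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\AllowCustomSSPsAPs'`. The description could also say that `data = 0` matches only when the value exists, so a host where the setting was never configured fails the check rather than being skipped. The same single-backslash mix is present in the unchanged `Application\Retention` query in the following hunk.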
@@ -7761,7 +7912,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Application\\MaxSize' AND data >= 32768 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.1.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7781,7 +7932,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Security\Retention' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.2.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7801,7 +7952,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Security\MaxSize' AND data >= 196608 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.2.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7821,7 +7972,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Setup\Retention' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.3.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7841,7 +7992,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Setup\MaxSize' AND data >= 32768); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.3.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -7861,7 +8012,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\System\Retention' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.4.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7881,7 +8032,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\System\MaxSize' AND data >= 32768 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.27.4.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7900,7 +8051,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\NoDataExecutionPrevention' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.31.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7919,7 +8070,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\NoHeapTerminationOnCorruption' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.31.3 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7938,7 +8089,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\PreXPSP2ShellProtocolBehavior' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.31.4 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -7957,7 +8108,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\HomeGroup\DisableHomeGroup' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.36.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -7976,7 +8127,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors\DisableLocation' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.41.1 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -7995,7 +8146,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftAccount\\DisableUserAuth' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.46.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8014,7 +8165,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet\\LocalSettingOverrideSpynetReporting' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.4.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8039,7 +8190,7 @@ spec: NOT EXISTS ( SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpynetReporting' COLLATE NOCASE AND data != 0 ) ); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.4.2 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 
@@ -8058,7 +8209,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\ExploitGuard_ASR_Rules' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.5.1.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -8116,7 +8267,7 @@ spec: SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\ASR\\Rules\\e6db77e5-3df2-4cf1-b95a-636979351e5b' AND data = 1 ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.5.1.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -8135,7 +8286,7 @@ spec: query: | SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Network Protection\\EnableNetworkProtection' AND data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.5.3.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8154,7 +8305,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Messaging\AllowMessageSync' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.45.1 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 
@@ -8173,7 +8324,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\MpEngine\\EnableFileHashComputation' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.6.1 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -8193,7 +8344,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8214,7 +8365,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8234,7 +8385,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8254,7 +8405,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableScriptScanning' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.4 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -8274,7 +8425,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Reporting\\DisableGenericRePorts' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.11.1 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -8294,7 +8445,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\DisableRemovableDriveScanning' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.12.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8314,7 +8465,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\DisableEmailScanning' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.12.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8333,7 +8484,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\PUAProtection' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.15 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -8352,7 +8503,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\DisableAntiSpyware' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.16 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -8371,7 +8522,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\AuditApplicationGuard' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.1 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -8390,7 +8541,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\AllowCameraMicrophoneRedirection' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.2 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -8409,7 +8560,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\AllowPersistence' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.3 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -8428,7 +8579,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\SaveFilesToHost' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.4 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -8447,7 +8598,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\AppHVSIClipboardSettings' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.5 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 
@@ -8471,7 +8622,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\AppHVSI\AllowAppHVSI_ProviderSet' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_NG, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.48.6 + tags: compliance, CIS, CIS_NG contributors: rachelelysia --- apiVersion: v1 @@ -8491,7 +8642,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Feeds\\EnableFeeds' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.57.1 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -8512,7 +8663,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive\\DisableFileSyncNGSC' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.58.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8532,7 +8683,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\PushToInstall\\DisablePushToInstall' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.64.1 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -8550,7 +8701,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\EnableUiaRedirection' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.1 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 
@@ -8568,7 +8719,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableLocationRedir' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.4 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -8586,7 +8737,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds\\DisableEnclosureDownload' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.66.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8604,7 +8755,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCloudSearch' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.2 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 @@ -8622,7 +8773,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCortana' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.3 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8639,7 +8790,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCortanaAboveLock' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.4 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 
@@ -8657,7 +8808,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowIndexingEncryptedStoresOrItems' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.5 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8675,7 +8826,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowSearchToUseLocation' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.6 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8696,7 +8847,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\DisablePasswordSaving' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.2.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -8714,7 +8865,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDenyTSConnections' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.2.1 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 @@ -8732,7 +8883,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableCcm' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.2 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 
@@ -8750,7 +8901,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableCdm' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.3 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8768,7 +8919,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableLPT' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.5 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 @@ -8786,7 +8937,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisablePNPRedir' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.6 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 @@ -8804,7 +8955,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fPromptForPassword' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.9.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8822,7 +8973,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fEncryptRPCTraffic' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.9.2 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 
@@ -8840,7 +8991,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\SecurityLayer' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.9.3 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8858,7 +9009,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\UserAuthentication' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.9.4 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8879,7 +9030,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\MinEncryptionLevel' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.9.5 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8898,7 +9049,7 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\MaxIdleTime' AND CAST(data AS INTEGER) <= 900000 AND CAST(data AS INTEGER) != 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.10.1 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 @@ -8916,7 +9067,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\MaxDisconnectionTime' AND data = 60000); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.10.2 + tags: compliance, CIS, CIS_Level2 contributors: artemist-work --- apiVersion: v1 
@@ -8934,7 +9085,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\DeleteTempDirsOnExit' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.11.1 + tags: compliance, CIS, CIS_Level1 contributors: artemist-work --- apiVersion: v1 @@ -8953,7 +9104,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform\NoGenTicket' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.72.1 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -8972,7 +9123,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore\DisableStoreApps' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.75.1 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -8991,7 +9142,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore\RequirePrivateStoreOnly' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.75.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9010,7 +9161,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore\AutoDownload' AND data = 4); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.75.3 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9029,7 +9180,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore\DisableOSUpgrade' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.75.4 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9048,7 +9199,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore\RemoveWindowsStore' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.75.5 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -9067,7 +9218,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Dsh\AllowNewsAndInterests' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.81.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9089,7 +9240,7 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\ShellSmartScreenLevel' AND data = 'Block') ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.85.1.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9108,7 +9259,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter\EnabledV9' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.85.2.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9127,7 +9278,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter\PreventOverride' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.85.2.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9146,7 +9297,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\GameDVR\AllowGameDVR' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.87.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9165,26 +9316,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsInkWorkspace\AllowSuggestedAppsInWindowsInkWorkspace' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.89.1 - contributors: rachelelysia ---- -apiVersion: v1 -kind: policy -spec: - name: > - CIS - Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On' - platforms: win10 - platform: windows - description: | - This policy setting determines whether Windows Ink items are allowed above the lock screen. - resolution: | - To establish the recommended configuration via GP, set the following UI path to 'Enabled: On, but disallow access above lock' OR 'Disabled': - 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Ink Workspace\Allow Windows Ink Workspace' - Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsInkWorkspace.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer). - query: | - SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsInkWorkspace\AllowWindowsInkWorkspace' AND (data = 0 OR data = 1)); - purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.89.2 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -9204,7 +9336,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\EnableUserControl' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.90.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9223,7 +9355,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\AlwaysInstallElevated' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.90.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9243,7 +9375,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\SafeForScripting' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.90.3 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -9263,7 +9395,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\System\DisableAutomaticRestartSignOn' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.91.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9282,26 +9414,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging\\EnableScriptBlockLogging' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.100.1 - contributors: marcosd4h ---- -apiVersion: v1 -kind: policy -spec: - name: > - CIS - Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' - platforms: win10 - platform: windows - description: | - This Policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. - resolution: | - To establish the recommended configuration via GP, set the following UI path to 'Disabled': - 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows PowerShell\Turn on PowerShell Transcription' - Note: This Group Policy path may not exist by default. It is provided by the Group Policy template PowerShellExecutionPolicy.admx that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer). - query: | - SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription\\EnableTranscripting' AND data = 0); - purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.100.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9319,7 +9432,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client\\AllowBasic' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.1.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -9337,7 +9450,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client\\AllowUnencryptedTraffic' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.1.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9355,7 +9468,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client\\AllowDigest' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.1.3 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9373,7 +9486,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\AllowBasic' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.2.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9393,7 +9506,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\AllowAutoConfig' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.2.2 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -9411,7 +9524,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\AllowUnencryptedTraffic' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.2.3 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 
@@ -9430,7 +9543,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\DisableRunAs' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.102.2.4 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9448,7 +9561,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service\\WinRS\\AllowRemoteShellAccess' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.103.1 + tags: compliance, CIS, CIS_Level2 contributors: marcosd4h --- apiVersion: v1 @@ -9467,7 +9580,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox\\AllowClipboardRedirection' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.104.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9486,7 +9599,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Sandbox\\AllowNetworking' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.104.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9505,7 +9618,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection\\DisallowExploitProtectionOverride' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.105.2.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -9523,7 +9636,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\NoAutoRebootWithLoggedOnUsers' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.1.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9545,7 +9658,7 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\AUOptions' AND data = 3) ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.2.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9566,7 +9679,7 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\ScheduledInstallDay' AND data = 0) ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.2.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9584,7 +9697,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\SetDisablePauseUXAccess' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.2.3 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9602,7 +9715,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\ManagePreviewBuildsPolicyValue' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.4.1 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -9623,7 +9736,7 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferFeatureUpdatesPeriodInDays' AND CAST(data AS INTEGER) >= 180) ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.4.2 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 
@@ -9644,7 +9757,178 @@ spec: SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferQualityUpdatesPeriodInDays' AND data = 0) ); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.108.4.3 + tags: compliance, CIS, CIS_Level1 + contributors: marcosd4h +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Enable App Installer' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether user have access to the Windows Package Manager. Windows Package Manager is a package manager solution that consists of a command line tool and set of services for installing applications on Microsoft Windows 10 and 11. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppInstaller\\EnableAppInstaller' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Enable App Installer Experimental Features' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether users can enable experimental features in the Windows Package Manager. 
+ resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer Experimental Features' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppInstaller\\EnableExperimentalFeatures' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Enable App Installer Hash Override' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether or not users can override the SHA256 security validation in the Windows Package Manager settings. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer Hash Override' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). 
+ query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppInstaller\\EnableHashOverride' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether users can install packages from a website that is using the ms-appinstaller protocol. The ms-appinstaller protocol allows users to install an application by clicking a link on a website. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop App Installer\Enable App Installer ms-appinstaller protocol' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppInstaller\\EnableMSAppInstallerProtocol' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' + platforms: win10 + platform: windows + description: | + This policy setting restricts the launching of Internet Explorer as a standalone browser. 
+ resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: Always': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Disable Internet Explorer 11 as a standalone browser' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template InetRes.admx/adml that is included with the Microsoft Windows 10 Release 21H1 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main\\NotifyDisableIEOptions' AND (data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: defensivedepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled' + platforms: win10 + platform: windows + description: | + This policy setting controls the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g. Windows Hello for Business, security key, or other). + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled': + Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow WebAuthn redirection + Note: This Group Policy path is provided by the Group Policy template TerminalServer.admx/adml that is included with the Microsoft Windows 11 Release 22H2 Administrative Templates (or newer). 
+ query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableWebAuthn' AND (data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow search highlights' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls search highlights in the start menu search box and in search home. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow search highlights + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Search.admx/adml that is included with the Microsoft Windows 10 Release 21H2 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\EnableDynamicContentInWSB' AND (data = 0)); + purpose: Informational + tags: compliance, CIS, CIS_Level2, CIS_group_policy_template_required + contributors: DefensiveDepth +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' + platforms: win10 + platform: windows + description: | + This policy setting determines whether Windows Ink items are allowed above the lock screen. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Ink Workspace\Allow Windows Ink Workspace' + Note: This Group Policy path may not exist by default. 
It is provided by the Group Policy template WindowsInkWorkspace.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsInkWorkspace\AllowWindowsInkWorkspace' AND (data = 0 OR data = 1)); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required + contributors: rachelelysia +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Turn on PowerShell Transcription' is set to 'Enabled' + platforms: win10 + platform: windows + description: | + This Policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows PowerShell\Turn on PowerShell Transcription' + Note: This Group Policy path may not exist by default. It is provided by the Group Policy template PowerShellExecutionPolicy.admx/adml that is included with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer). + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription\\EnableTranscripting' AND data = 1); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_group_policy_template_required contributors: marcosd4h --- apiVersion: v1 @@ -9664,7 +9948,7 @@ spec: query: | SELECT 1 FROM registry WHERE path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive' and data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.1.3.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 
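Review bot: The added 'Turn on PowerShell Transcription' policy passes on `data = 1`, while the entry removed earlier in this diff passed on `data = 0`. With the `CIS_win10_enterprise_1.12.0` and `CIS_bullet_*` tags dropped, nothing in the new entry records which benchmark revision the expected value comes from; a YAML comment above its `query:` key such as `# expected value changed from 0 to 1 per benchmark <BENCHMARK_VERSION>` (placeholder) would keep the flip traceable. Since the description says transcripts capture command input and output, the `resolution:` text could also note that the transcript output directory should be readable only by administrators. In the re-added 'Allow Windows Ink Workspace' query the path ends in `WindowsInkWorkspace\AllowWindowsInkWorkspace` with a single backslash while every other separator in it is doubled; `WindowsInkWorkspace\\AllowWindowsInkWorkspace` would be consistent, and it is worth confirming on a host that the registry table matches both forms. The first added description reads "whether user have access", where `whether users have access` is meant.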
@@ -9684,7 +9968,7 @@ spec: query: | SELECT 1 FROM registry WHERE path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure' and data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.1.3.2 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -9707,7 +9991,7 @@ spec: query: | SELECT 1 FROM registry WHERE path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut' AND data <=900 AND data > 0 ; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.1.3.3 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -9727,7 +10011,7 @@ spec: query: | SELECT 1 FROM registry WHERE path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications\NoToastApplicationNotificationOnLockScreen' AND data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.5.1.1 + tags: compliance, CIS, CIS_Level1 contributors: sharon-fdm --- apiVersion: v1 @@ -9747,7 +10031,7 @@ spec: query: | SELECT 1 FROM registry WHERE path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback' AND data = 1; purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_19.6.6.1.1 + tags: compliance, CIS, CIS_Level2 contributors: sharon-fdm --- apiVersion: v1 @@ -9766,7 +10050,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation' and data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.4.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 
@@ -9785,7 +10069,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus' AND data = 3); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.4.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9804,7 +10088,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Policies\Microsoft\Windows\CloudContent\ConfigureWindowsSpotlight' AND data = 2); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9823,7 +10107,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Policies\Microsoft\Windows\CloudContent\DisableThirdPartySuggestions' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.2 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9842,7 +10126,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Policies\Microsoft\Windows\CloudContent\DisableTailoredExperiencesWithDiagnosticData' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.3 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 
@@ -9861,7 +10145,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\%\Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsSpotlightFeatures' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.4 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia --- apiVersion: v1 @@ -9881,7 +10165,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\CloudContent\DisableSpotlightCollectionOnDesktop' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.5 + tags: compliance, CIS, CIS_Level1 contributors: marcosd4h --- apiVersion: v1 @@ -9900,7 +10184,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInplaceSharing' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.28.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9920,7 +10204,7 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated' AND data = 0); purpose: Informational - tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.43.1 + tags: compliance, CIS, CIS_Level1 contributors: rachelelysia --- apiVersion: v1 @@ -9939,5 +10223,5 @@ spec: query: | SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload' AND data = 1); purpose: Informational - tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.47.2.1 + tags: compliance, CIS, CIS_Level2 contributors: rachelelysia