diff --git a/ee/cis/win-10/cis-policy-queries.yml b/ee/cis/win-10/cis-policy-queries.yml
index 9a8698cb72..454442311e 100644
--- a/ee/cis/win-10/cis-policy-queries.yml
+++ b/ee/cis/win-10/cis-policy-queries.yml
@@ -1,5 +1,5 @@
---
-# The latest version of CIS Benchmarks for Windows 10 standalone is version 1.0.1
+# The latest version of CIS Benchmarks for Windows 10 Enterprise is version 1.12.0
apiVersion: v1
kind: policy
spec:
@@ -15,7 +15,7 @@ spec:
query: |
SELECT 1 FROM security_profile_info WHERE password_history_size >= 24;
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.1
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.1
contributors: marcosd4h
---
apiVersion: v1
@@ -28,13 +28,12 @@ spec:
This policy setting defines how long a user can use their password before it expires.
resolution: |
Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the
- following UI path to 365 or fewer days, but not 0:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 365 or fewer days, but not 0:
'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age'
query: |
SELECT 1 FROM security_profile_info WHERE (maximum_password_age <= 365 AND maximum_password_age != 0);
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.2
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.2
contributors: marcosd4h
---
apiVersion: v1
@@ -48,13 +47,12 @@ spec:
change it. The range of values for this policy setting is between 1 and 999 days.
resolution: |
Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the
- following UI path to 1 or more days:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 1 or more days:
'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age'
query: |
SELECT 1 FROM security_profile_info WHERE minimum_password_age >= 1;
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.3
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.3
contributors: marcosd4h
---
apiVersion: v1
@@ -67,13 +65,12 @@ spec:
This policy setting determines the least number of characters that make up a password for a user account.
resolution: |
Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the
- following UI path to 14 or more characters
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 14 or more characters
'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length'
query: |
SELECT 1 FROM security_profile_info WHERE minimum_password_length >= 14;
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.4
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.4
contributors: marcosd4h
---
apiVersion: v1
@@ -88,13 +85,12 @@ spec:
discover with several publicly available tools.
resolution: |
Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the
- following UI path to 'Enabled':
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements'
query: |
SELECT 1 FROM security_profile_info WHERE password_complexity = 1;
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.5
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.5
contributors: marcosd4h
---
apiVersion: v1
@@ -107,13 +103,12 @@ spec:
This policy setting determines whether the minimum password length setting can be increased beyond the legacy limit of 14 characters.
resolution: |
Automatic method:
- Ask your system administrator to establish the recommended configuration via GP, set the
- following UI path to 'Enabled':
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Relax minimum password length limits'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SAM\\RelaxMinimumPasswordLengthLimits' AND data != 0);
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.6
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.6
contributors: marcosd4h
---
apiVersion: v1
@@ -134,5 +129,332 @@ spec:
query: |
SELECT 1 FROM security_profile_info WHERE clear_text_password = 0;
purpose: Informational
- tags: compliance, CIS, CIS_Level1, CIS-win10-stand-alone-1.1.7
- contributors: marcosd4h
\ No newline at end of file
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_1.1.7
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Accounts Administrator account status' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting enables or disables the Administrator account during normal operation.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status'
+ query: |
+ SELECT 1 FROM mdm_bridge where mdm_command_input = "1- ./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
" AND mdm_command_output == 0;
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Accounts Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting prevents users from adding new Microsoft accounts on this computer.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Users can't add or log on with Microsoft account':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\NoConnectedUser' AND data == 3);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.2
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Accounts Guest account status' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Guest account status'
+ query: |
+ SELECT 1 FROM mdm_bridge where mdm_command_input = "1- ./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
" and mdm_command_output == 0;
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.3
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Accounts Limit local account use of blank passwords to console logon only' is set to 'Enabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LimitBlankPasswordUse' AND data == 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.4
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Configure 'Accounts Rename administrator account'
+ platforms: win10
+ platform: windows
+ description: |
+ The built-in local administrator account is a well-known account name that attackers will
+ target. It is recommended to choose another name for this account, and to avoid names that
+ denote administrative or elevated access accounts.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to value different than 'Administrator':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator account'
+ query: |
+ SELECT 1 FROM mdm_bridge where mdm_command_input = "1- ./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
" and mdm_command_output != "Administrator";
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.5
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Configure 'Accounts Rename guest account'
+ platforms: win10
+ platform: windows
+ description: |
+ The built-in local guest account is another well-known name to attackers. It is recommended to
+ rename this account to something that does not indicate its purpose. Even if you disable this
+ account, which is recommended, ensure that you rename it for added security.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to value different than 'Guest':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account'
+ query: |
+ SELECT 1 FROM mdm_bridge where mdm_command_input = "1- ./Device/Vendor/MSFT/Policy/Result/LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
" and mdm_command_output != "Guest";
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.1.6
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting allows administrators to enable the more precise auditing capabilities.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\SCENoApplyLegacyAuditPolicy' AND data == 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.2.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Audit Shut down system immediately if unable to log security audits' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines whether the system shuts down if it is unable to log Security
+ events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and
+ Common Criteria certification to prevent auditable events from occurring if the audit system is
+ unable to log them.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\crashonauditfail' AND data == 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.2.2
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Devices Prevent users from installing printer drivers' is set to 'Enabled'
+ platforms: win10
+ platform: windows
+ description: |
+ For a computer to print to a shared printer, the driver for that shared printer must be
+ installed on the local computer. This security setting determines who is allowed to install a
+ printer driver as part of connecting to a shared printer.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\LanManPrint Services\\Servers\\AddPrinterDrivers' AND data == 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.4.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Do not require CTRL+ALT+DEL' is set to 'Disabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines whether users must press CTRL+ALT+DEL before they log on.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableCAD' AND data == 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.1
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Don't display last signed-in' is set to 'Enabled'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines whether the account name of the last user to log on to the client
+ computers in your organization will be displayed in each computer's respective Windows logon
+ screen.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don't display last signed-in'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\dontdisplaylastusername' AND data == 1);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.2
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'
+ platforms: win10
+ platform: windows
+ description: |
+ This security setting determines the number of failed logon attempts that causes the machine to be locked out.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to '10 or fewer invalid logon attempts, but not 0':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshold'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\MaxDevicePasswordFailedAttempts' AND data <= 10 AND data != 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.3
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Machine inactivity limit' is set to '900 or fewer second(s), but not 0'
+ platforms: win10
+ platform: windows
+ description: |
+ Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to '900 or fewer seconds, but not 0':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs' AND data <= 900 AND data != 0);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.4
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Configure 'Interactive logon Message text for users attempting to log on'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting specifies a text message that displays to users when they log on. Set the
+ following group policy to a value that is consistent with the security and operational
+ requirements of your organization.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to a value that is consistent with the security and operational requirements
+ of your organization:
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticetext' AND data != "");
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.5
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Configure 'Interactive logon Message title for users attempting to log on'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting specifies the text displayed in the title bar of the window that users see
+ when they log on to the system. Configure this setting in a manner that is consistent with the
+ security and operational requirements of your organization.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to a value that is consistent with the security and operational requirements
+ of your organization:
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\legalnoticecaption' AND data != "");
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.6
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Prompt user to change password before expiration' is set to 'between 5 and 14 days'
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting specifies the text displayed in the title bar of the window that users see
+ when they log on to the system. Configure this setting in a manner that is consistent with the
+ security and operational requirements of your organization.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the following UI path to a value 'between 5 and 14 days':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\PasswordExpiryWarning' AND CAST(data AS INTEGER) >= 5 AND CAST(data AS INTEGER) <= 14);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.7
+ contributors: marcosd4h
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: CIS - Ensure 'Interactive logon Smart card removal behavior' is set to 'Lock Workstation' or higher
+ platforms: win10
+ platform: windows
+ description: |
+ This policy setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
+ resolution: |
+ Automatic method:
+ Ask your system administrator to establish the recommended configuration via GP, set the
+ following UI path to 'Lock Workstation (or, if applicable for your environment, Force Logoff or Disconnect if a Remote Desktop Services session)':
+ 'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior'
+ query: |
+ SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\scremoveoption' AND CAST(data AS INTEGER) >= 1 AND CAST(data AS INTEGER) <= 3);
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.7.8
+ contributors: marcosd4h
+---
\ No newline at end of file
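Review bot: The threshold checks added for CIS_bullet_2.3.7.3 and 2.3.7.4 compare `data` with bare integers (`data <= 10 AND data != 0`, `data <= 900 AND data != 0`), while 2.3.7.7 and 2.3.7.8 later in this hunk use `CAST(data AS INTEGER)`. If `data` is a text column, as it is in osquery's registry table, SQLite would likely compare these as strings, so an inactivity limit of 1000 seconds would satisfy `<= 900` and report a non-compliant host as passing, while a lockout threshold of 5 would fail `<= 10`. Use the cast form in both queries, e.g. `CAST(data AS INTEGER) <= 900 AND CAST(data AS INTEGER) != 0`, and cover them with a failure scenario that sets a value above the limit. Separately, the description of 2.3.7.7 (prompt to change password before expiration) repeats the title-bar text from 2.3.7.6 and should instead describe how far in advance users are warned that their password will expire.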
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.1.txt b/ee/cis/win-10/test/instructions/CIS_1.1.1.txt
new file mode 100644
index 0000000000..41c65a52e1
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.1.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '24 or more passwords':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '24 or more passwords':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.2.txt b/ee/cis/win-10/test/instructions/CIS_1.1.2.txt
new file mode 100644
index 0000000000..2c79c000fd
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.2.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '365 or fewer days, but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '365 or fewer days, but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.3.txt b/ee/cis/win-10/test/instructions/CIS_1.1.3.txt
new file mode 100644
index 0000000000..75a1a67d4c
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.3.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '1 or more days':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '1 or more days':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.4.txt b/ee/cis/win-10/test/instructions/CIS_1.1.4.txt
new file mode 100644
index 0000000000..19d49f09cb
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.4.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '14 or more characters':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '14 or more characters':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.5.txt b/ee/cis/win-10/test/instructions/CIS_1.1.5.txt
new file mode 100644
index 0000000000..ab0d6072a0
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.5.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to value different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.6.txt b/ee/cis/win-10/test/instructions/CIS_1.1.6.txt
new file mode 100644
index 0000000000..52ff992272
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.6.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Relax minimum password length limits'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to value different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Relax minimum password length limits'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_1.1.7.txt b/ee/cis/win-10/test/instructions/CIS_1.1.7.txt
new file mode 100644
index 0000000000..3afc3c45d8
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_1.1.7.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to value different than 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.1.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.1.txt
new file mode 100644
index 0000000000..ffaac3a7b3
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.1.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to value different than 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.2.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.2.txt
new file mode 100644
index 0000000000..df2fd64b73
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.2.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Users can't add or log on with Microsoft accounts':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Users can't add or log on with Microsoft accounts':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.3.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.3.txt
new file mode 100644
index 0000000000..f3f54a1724
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.3.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Guest account status'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Guest account status'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.4.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.4.txt
new file mode 100644
index 0000000000..45b84cebe2
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.4.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.5.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.5.txt
new file mode 100644
index 0000000000..b49a1be703
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.5.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to a value different than 'Administrator':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator account'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Administrator' value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator account'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.1.6.txt b/ee/cis/win-10/test/instructions/CIS_2.3.1.6.txt
new file mode 100644
index 0000000000..c19cd6cf9a
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.1.6.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to a value different than 'Guest':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to the 'Guest' value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.2.1.txt b/ee/cis/win-10/test/instructions/CIS_2.3.2.1.txt
new file mode 100644
index 0000000000..5569b80c6f
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.2.1.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.2.2.txt b/ee/cis/win-10/test/instructions/CIS_2.3.2.2.txt
new file mode 100644
index 0000000000..2b207bc777
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.2.2.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.4.1.txt b/ee/cis/win-10/test/instructions/CIS_2.3.4.1.txt
new file mode 100644
index 0000000000..36f7b5fcab
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.4.1.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.1.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.1.txt
new file mode 100644
index 0000000000..509581fafd
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.1.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Disabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.2.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.2.txt
new file mode 100644
index 0000000000..db03bcfdbe
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.2.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don't display last signed-in'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Enabled':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Don't display last signed-in'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.3.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.3.txt
new file mode 100644
index 0000000000..dfbda83114
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.3.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '10 or fewer invalid logon attempts, but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshold'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '10 or fewer invalid logon attempts, but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshold'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
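Review bot: Step 1 of the failure scenario does not name the two distinct non-compliant cases, 0 and a value above 10. The 0 case matters most because it turns the lockout off entirely. Suggest `1) Open "Edit Group Policy" tool and set the following UI path to 0, then repeat with 11:` so that a check written only as an upper bound fails the test. The expected scenario would also be clearer with the concrete boundary values 1 and 10. The same gap is in CIS_2.3.7.4.txt (test 0 and 901 seconds) and CIS_2.3.7.7.txt (test 4 and 15 days).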
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.4.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.4.txt
new file mode 100644
index 0000000000..e8ab080cf4
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.4.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to '900 or fewer second(s), but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than '900 or fewer second(s), but not 0':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.5.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.5.txt
new file mode 100644
index 0000000000..241547f493
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.5.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to a non-empty value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to an empty value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.6.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.6.txt
new file mode 100644
index 0000000000..50990af705
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.6.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to a non-empty value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to an empty value:
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.7.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.7.txt
new file mode 100644
index 0000000000..f290e4289c
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.7.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values 'between 5 and 14 days':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'between 5 and 14 days':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
diff --git a/ee/cis/win-10/test/instructions/CIS_2.3.7.8.txt b/ee/cis/win-10/test/instructions/CIS_2.3.7.8.txt
new file mode 100644
index 0000000000..0a7605324d
--- /dev/null
+++ b/ee/cis/win-10/test/instructions/CIS_2.3.7.8.txt
@@ -0,0 +1,18 @@
+Expected scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to 'Lock Workstation or higher':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior'
+
+2) After running the policy check, it should return 1 indicating that setting was properly set
+
+
+
+Failure scenario
+==================
+1) Open "Edit Group Policy" tool and set the following UI path to values different than 'Lock Workstation or higher':
+'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior'
+
+2) After running the policy check, it should return nothing, indicating that setting was set to a non-compliant value
+
+
+
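Review bot: 'Lock Workstation or higher' in step 1 of both scenarios is the benchmark's wording, not an option the policy editor offers, so the steps cannot be followed literally. The setting offers 'No Action', 'Lock Workstation', 'Force Logoff' and 'Disconnect if a Remote Desktop Services session'. The expected scenario should list the last three as passing, and the failure scenario should read `1) Open "Edit Group Policy" tool and set the following UI path to 'No Action':`. Running the expected scenario once per passing option would catch a check that matches only 'Lock Workstation'.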