From eb8de78a62a4f872e2af3765362806c5d5c3d1f9 Mon Sep 17 00:00:00 2001 From: Artemis Tosini Date: Tue, 25 Apr 2023 13:04:38 -0400 Subject: [PATCH] Add Windows 10 CIS 18.9.66-67 (#11143) This is all 6 queries referenced in #10361. I've tested all queries on Windows 10 Pro. - [x] Manual QA for all new/changed functionality --- ee/cis/win-10/cis-policy-queries.yml | 108 +++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/ee/cis/win-10/cis-policy-queries.yml b/ee/cis/win-10/cis-policy-queries.yml index fa9b8cd306..df5ebb2771 100644 --- a/ee/cis/win-10/cis-policy-queries.yml +++ b/ee/cis/win-10/cis-policy-queries.yml @@ -7092,6 +7092,114 @@ spec: --- apiVersion: v1 kind: policy +spec: + name: > + CIS - Ensure 'Prevent downloading of enclosures' is set to 'Enabled' + platforms: win10 + platform: windows + description: | + This policy setting prevents the user from having enclosures (file attachments) downloaded from an RSS feed to the user's computer. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\RSS Feeds\Prevent downloading of enclosures' + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds\\DisableEnclosureDownload' AND data = 1); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.66.1 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search' + platforms: win10 + platform: windows + description: | + This policy setting allows search and Cortana to search cloud sources like OneDrive and SharePoint. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Enabled', then 'Disable Cloud Search': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow Cloud Search' + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCloudSearch' AND data = 0); + purpose: Informational + tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.2 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow Cortana' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting specifies whether Cortana is allowed on the device. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow Cortana' + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCortana' AND data = 0); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.3 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow Cortana above lock screen' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting determines whether or not the user can interact with Cortana using speech while the system is locked. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowCortanaAboveLock' AND data = 0); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.4 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow indexing of encrypted files' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting controls whether encrypted items are allowed to be indexed. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow indexing of encrypted files' + query: | + TODO + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowIndexingEncryptedStoresOrItems' AND data = 0); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.5 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy +spec: + name: > + CIS - Ensure 'Allow search and Cortana to use location' is set to 'Disabled' + platforms: win10 + platform: windows + description: | + This policy setting specifies whether search and Cortana can provide location aware search and Cortana results. + resolution: | + To establish the recommended configuration via GP, set the following UI path to 'Disabled': + 'Computer Configuration\Policies\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location' + query: | + SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\\AllowSearchToUseLocation' AND data = 0); + purpose: Informational + tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.67.6 + contributors: artemist-work +--- +apiVersion: v1 +kind: policy spec: name: > CIS - Ensure 'Do not allow passwords to be saved' is set to 'Enabled'