Detections
Analytics

CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL

Updated: 8/3/2022

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.15

Estimated Item Count: 412

Audit Changelog

 
Revision 1.15

Aug 3, 2022

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.14

Jun 13, 2022

Functional Update
  • 18.4.13 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'
  • 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths'
  • 2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'
  • 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher
Revision 1.13

Apr 25, 2022

Functional Update
  • 17.5.3 Ensure 'Audit Logoff' is set to include 'Success'
Miscellaneous
  • References updated.
Revision 1.12

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.11

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.10

Mar 1, 2021

Functional Update
  • 18.4.10 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.8

Nov 24, 2020

Functional Update
  • 18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
  • 18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
  • 18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
  • 9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'
  • 9.2.6 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'
  • 9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'
Revision 1.7

Nov 17, 2020

Functional Update
  • 2.2.16 Ensure 'Deny access to this computer from the network' to include 'Guests, Local account'
  • 2.2.17 Ensure 'Deny log on as a batch job' to include 'Guests'
  • 2.2.18 Ensure 'Deny log on as a service' to include 'Guests'
  • 2.2.19 Ensure 'Deny log on locally' to include 'Guests'
  • 2.2.20 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'
Revision 1.6

Nov 3, 2020

Functional Update
  • 18.9.11.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'
  • 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'
Revision 1.5

Sep 29, 2020

Miscellaneous
  • References updated.