Detections
Analytics

CIS Microsoft Windows 10 Stand-alone v2.0.0 NG

Audit Details

Name: CIS Microsoft Windows 10 Stand-alone v2.0.0 NG

Updated: 11/17/2023

Authority: CIS

Plugin: Windows

Revision: 1.2

Estimated Item Count: 14

File Details

Filename: CIS_Microsoft_Windows_10_Stand-alone_v2.0.0_Next_Generation_Windows_Security.audit

Size: 43.7 kB

MD5: 8d09f241debd61c475c6675ca6df9df9
SHA256: ceb7fbc29fb0617478b7df14eceaf115ac5a99684e176de7ad9a924e45aab6d2

Audit Items

DescriptionCategories
18.9.5.1 Ensure 'Turn On Virtualization Based Security' is set to 'Enabled' - Enabled

SYSTEM AND INFORMATION INTEGRITY

18.9.5.2 Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher - Secure Boot and DMA Protection

SYSTEM AND INFORMATION INTEGRITY

18.9.5.3 Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock' - Enabled with UEFI lock

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' - True (checked)

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' - Enabled with UEFI lock

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled' - Enabled

SYSTEM AND INFORMATION INTEGRITY

18.9.25.1 Ensure 'Configures LSASS to run as a protected process' is set to 'Enabled: Enabled with UEFI Lock'

CONFIGURATION MANAGEMENT

18.10.44.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' - Enabled

AUDIT AND ACCOUNTABILITY

18.10.44.2 Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' - Disabled

CONFIGURATION MANAGEMENT

18.10.44.3 Ensure 'Allow data persistence for Microsoft Defender Application Guard' is set to 'Disabled' - Disabled

CONFIGURATION MANAGEMENT

18.10.44.4 Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' - Disabled

CONFIGURATION MANAGEMENT

18.10.44.5 Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host' - Enabled: Enable clipboard operation from an isolated session to the host

CONFIGURATION MANAGEMENT

18.10.44.6 Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' - Enabled: 1

SYSTEM AND INFORMATION INTEGRITY

CIS_Microsoft_Windows_10_Stand-alone_v2.0.0_Next_Generation_Windows_Security.audit from CIS Microsoft Windows 10 Stand-alone Benchmark