CIS Microsoft Windows 11 Stand-alone v1.0.0 NG

Audit Details

Name: CIS Microsoft Windows 11 Stand-alone v1.0.0 NG

Updated: 1/17/2023

Authority: CIS

Plugin: Windows

Revision: 1.0

Estimated Item Count: 13

File Details

Filename: CIS_Microsoft_Windows_11_Stand-alone_v1.0.0_Next_Generation_Windows_Security.audit

Size: 39.6 kB

MD5: 0cf6ba5c6a4b43a232de337ff543384e
SHA256: 35dfe9af0ff2254bc10ae3fcaf117fa77caed2f33e9a7fb3cab656d55ac8def5

Audit Items

DescriptionCategories
18.8.5.1 Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.8.5.2 Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot and DMA Protection'

SYSTEM AND INFORMATION INTEGRITY

18.8.5.3 Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'

SYSTEM AND INFORMATION INTEGRITY

18.8.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'

SYSTEM AND INFORMATION INTEGRITY

18.8.5.5 Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'

SYSTEM AND INFORMATION INTEGRITY

18.8.5.6 Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

18.9.48.2 Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.48.3 Ensure 'Allow data persistence for Microsoft Defender Application Guard' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.48.4 Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.48.5 Ensure 'Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'

SYSTEM AND INFORMATION INTEGRITY

18.9.48.6 Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'

SYSTEM AND INFORMATION INTEGRITY

CIS_Microsoft_Windows_11_Stand-alone_v1.0.0_Next_Generation_Windows_Security.audit from CIS Microsoft Windows 11 Stand-alone Benchmark