Item Search

Name	Audit Name	Plugin	Category
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
1.1.5 Ensure 'Password must meet complexity requirements' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
1.2.2 Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.5 Ensure 'Allow log on locally' is set to 'Administrators, Users'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.7 Ensure 'Back up files and directories' is set to 'Administrators'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.9 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.13 Ensure 'Create permanent shared objects' is set to 'No One'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.23 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.24 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.2.27 Ensure 'Lock pages in memory' is set to 'No One'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.1.1 Ensure 'Accounts: Administrator account status' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.1.5 Configure 'Accounts: Rename guest account'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.10.1 Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.16.1 Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.17.2 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
2.3.17.7 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
5.20 Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
5.30 Ensure 'Windows CardSpace (idsvc)' is set to 'Disabled' or 'Not Installed'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
9.2.6 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
17.3.1 Ensure 'Audit Process Creation' is set to include 'Success'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
17.6.1 Ensure 'Audit Detailed File Share' is set to include 'Failure'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
17.7.2 Ensure 'Audit Authentication Policy Change' is set to include 'Success'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
18.3.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.3.4 Ensure 'Configure SMB v1 server' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.3.6 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
18.9.24.7 Ensure 'System DEP' is set to 'Enabled: Application Opt-Out'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	AUDIT AND ACCOUNTABILITY
18.9.59.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.59.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.97.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Service	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
19.1.3.3 Ensure 'Password protect the screen saver' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL
19.7.4.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
19.7.26.1 Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	CONFIGURATION MANAGEMENT
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	ACCESS CONTROL

Detections

Analytics

Item Search