Item Search

Name	Audit Name	Plugin	Category
2.2.5 (L1) Ensure 'Add workstations to domain' is set to 'Administrators' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.19 (L1) Ensure 'Debug programs' is set to 'Administrators'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
2.2.30 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.43 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.47 (L1) Ensure 'Synchronize directory service data' is set to 'No One' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.1.1 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.3.2.2 (L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.8 (L1) Configure 'Network access: Remotely accessible registry paths' is configured	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.13 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.16.1 (L1) Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.6 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.5.4 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.5.7 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.5.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.7.6 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.9.20.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.27.4 (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.9.27.6 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.57.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
19.7.4.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
Accounts: Limit local account use of blank passwords to console logon only	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Allow indexing of encrypted files	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	CONFIGURATION MANAGEMENT
Audit Account Lockout	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Audit Credential Validation	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search