Item Search

Name	Audit Name	Plugin	Category
4.11.7.2.13 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'	CIS Microsoft Intune for Windows 10 v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
4.11.7.2.13 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'	CIS Microsoft Intune for Windows 11 v4.0.0 BL	Windows	ACCESS CONTROL
18.8.34.6.1 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.8.34.6.1 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL
18.9.11.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL
18.9.11.1.11 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.9.11.1.12 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL
18.9.11.1.13 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.9.11.2.12 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.9.11.2.13 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL
18.9.11.2.15 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.9.11.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.9.11.3.13 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL
18.10.9.2.11 (L1) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	ACCESS CONTROL
18.10.9.3.1 (L1) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	ACCESS CONTROL
18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.1.7 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.1.8 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.10.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.1.11 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.8 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.2.8 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.10.2.8 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL	Windows	ACCESS CONTROL
18.10.10.2.8 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.2.9 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.10 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.2.10 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v5.0.1 BL	Windows	ACCESS CONTROL
18.10.10.2.11 Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL	Windows	ACCESS CONTROL
18.10.10.2.12 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.12 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	ACCESS CONTROL
18.10.10.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v5.0.0 BL	Windows	ACCESS CONTROL
18.10.10.3.7 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.3.7 Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL	Windows	ACCESS CONTROL
18.10.10.3.8 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.8 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.8 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.8 Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.10.3.10 Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL	Windows	ACCESS CONTROL
18.10.10.3.11 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.11 Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION

Detections

Analytics

Item Search