CSCv7|14.3

Title

Disable Workstation to Workstation Communication

Description

Disable all workstation to workstation communication to limit an attacker's ability to move laterally and compromise neighboring systems, through technologies such as Private VLANs or microsegmentation.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.3.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.3.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.3.1 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' - Enabled: Disable driver (recommended)	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.3.1 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' - Enabled: Disable driver (recommended)	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.3.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.3.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.3.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.3.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.3.2 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.3.2 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC

Detections

Analytics

CSCv7|14.3

Title

Description

Reference Item Details

Audit Items