CSCv7|5.4

Title

Deploy System Configuration Management Tools

Description

Deploy system configuration management tools that will automatically enforce and redeploy configuration settings to systems at regularly scheduled intervals.

Reference Item Details

Category: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 (L1) Host hardware must enable UEFI Secure BootVMwareCIS VMware ESXi 8.0 v1.1.0 L1
1.4 (L1) Host hardware must enable and configure a TPM 2.0VMwareCIS VMware ESXi 8.0 v1.1.0 L1
1.5 (L1) Host integrated hardware management controller must be secureVMwareCIS VMware ESXi 8.0 v1.1.0 L1
1.6 (L1) Host integrated hardware management controller must enable time synchronizationVMwareCIS VMware ESXi 8.0 v1.1.0 L1
18.8.21.1 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.8.21.1 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.21.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.21.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.8.21.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.8.21.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.8.21.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.8.21.3 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.8.21.3 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.21.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.8.21.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.21.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.8.21.4 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.8.21.5 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.8.21.5 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.8.21.5 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.21.5 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.9.19.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG