In this article I’ll focus on implementing the following checks from the CIS benchmarks, which can extend the existing predefined standard:

19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' (Scored)
19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' (Scored)
19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' (Scored)
19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' (Scored)
19.7.4.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' (Scored)
19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' (Scored)
19.7.37.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' (Scored)

Common to the above controls is that they are all related to GPO User Configuration settings, which pose some specific challenges due to the way the Windows registry and CCS work. As of SCU2016-1 there is only the “CIS Microsoft Windows Server 2012 V 1.0.0” standard in the Predefined folder, which is currently a few years old and lagging behind the latest CIS benchmarks:

CIS Microsoft Windows Server 2012 non-R2 Benchmark v2.0.0
CIS Microsoft Windows Server 2012 R2 Benchmark v2.2.0
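The seven user-scope checks listed in this article can be evaluated directly against the per-user registry hives, shown here as an added PowerShell example (not code from the original article and not CCS content). The registry keys, value names and expected data are the ones the Windows policy templates use for these settings and are assumptions in the sense that the article does not list them; the variable names are hypothetical.

```powershell
# Added example: evaluate the seven User Configuration checks per user hive.
# Registry keys and value names are not from the article (see lead-in).
$desktop = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$attach  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$msi     = 'Software\Policies\Microsoft\Windows\Installer'

$checks = @(
    @{ Id='19.1.3.1';  Key=$desktop; Name='ScreenSaveActive';      Test={ param($v) "$v" -eq '1' } }
    @{ Id='19.1.3.2';  Key=$desktop; Name='SCRNSAVE.EXE';          Test={ param($v) "$v" -eq 'scrnsave.scr' } }
    @{ Id='19.1.3.3';  Key=$desktop; Name='ScreenSaverIsSecure';   Test={ param($v) "$v" -eq '1' } }
    @{ Id='19.1.3.4';  Key=$desktop; Name='ScreenSaveTimeOut';     Test={ param($v) [int]$n = 0; [int]::TryParse("$v", [ref]$n) -and $n -gt 0 -and $n -le 900 } }
    @{ Id='19.7.4.1';  Key=$attach;  Name='SaveZoneInformation';   Test={ param($v) "$v" -eq '2' } }
    @{ Id='19.7.4.2';  Key=$attach;  Name='ScanWithAntiVirus';     Test={ param($v) "$v" -eq '3' } }
    @{ Id='19.7.37.1'; Key=$msi;     Name='AlwaysInstallElevated'; Test={ param($v) "$v" -eq '0' } }
)

# User Configuration policy lands in each user's own hive (HKEY_USERS\<SID>), not in HKLM.
# HKEY_USERS has no default PSDrive, so it is addressed through the provider path.
$sidPattern = '^S-1-5-21-[\d-]+$'   # user accounts only; skips .DEFAULT, service SIDs and *_Classes
$hives = Get-ChildItem 'Registry::HKEY_USERS' | Where-Object PSChildName -match $sidPattern

$results = foreach ($hive in $hives) {
    foreach ($c in $checks) {
        $path  = "Registry::HKEY_USERS\$($hive.PSChildName)\$($c.Key)"
        $value = (Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Sid    = $hive.PSChildName
            Check  = $c.Id
            Value  = $value
            # A missing value means the policy was never applied to this user.
            Status = if ($null -eq $value) { 'NotConfigured' } elseif (& $c.Test $value) { 'Pass' } else { 'Fail' }
        }
    }
}
$results | Sort-Object Sid, Check | Format-Table -AutoSize
```

Only hives that are currently loaded (users with an active session or loaded profile) appear under HKEY_USERS, so an account that is not logged on produces no rows rather than a failure.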