CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

Remote Desktop Services accepts requests fromRPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.

Default Value:

Disabled. (Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.)

References:

1. CCE-35723-6

CIS Controls:

Version 6

3.4 Use Only Secure Channels For Remote System Administration Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as SSL, TLS or IPSEC.

Version 7

4.5 Use Multifactor Authentication For All Administrative Access Use multi-factor authentication and encrypted channels for all administrative account access.

1032 | P a g e