CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow Basic authentication

Note: This Group Policy path is provided by the Group Policy template WindowsRemoteManagement.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:

None - this is the default behavior.

Default Value:

Disabled. (The WinRM service will not accept Basic authentication from a remote client.)

References:

1. CCE-34779-9

CIS Controls:

Version 6

16.13 User/Account Authentication Must Be Performed Over Encrypted Channels Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

Version 7

14.4 Encrypt All Sensitive Information in Transit Encrypt all sensitive information in transit.

16.5 Encrypt Transmittal of Username and Authentication Credentials Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

1160 | P a g e