CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

None - this is the default behavior.

Default Value:

Disabled. (The WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.)

References:

1. CCE-33146-2

CIS Controls:

Version 6

3.4 Use Only Secure Channels For Remote System Administration Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as SSL, TLS or IPSEC.

Version 7

9.2 Ensure Only Approved Ports, Protocols and Services Are Running Ensure that only network ports, protocols, and services listening on a system with validated business needs, are running on each system. 9.3 Perform Regular Automated Port Scans Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.

1162 | P a g e