CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Control

Set Correctly Yes No

18.5.5.1

(L2) Ensure 'Enable Font Providers' is set to 'Disabled' (Scored)





18.5.6 18.5.7 18.5.8 18.5.8.1

Hotspot Authentication

Lanman Server

Lanman Workstation

(L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' (Scored)





18.5.9 18.5.9.1

Link-Layer TopologyDiscovery

(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' (Scored) (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' (Scored)





18.5.9.2





18.5.10

MicrosoftPeer-to-Peer Networking Services

18.5.10.1 18.5.10.2

Peer Name ResolutionProtocol

(L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' (Scored)





18.5.11

Network Connections

18.5.11.1 18.5.11.2

Windows Defender Firewall (formerlyWindows Firewall) (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' (Scored) (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' (Scored) (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' (Scored)      

18.5.11.3

18.5.11.4

18.5.12 18.5.13 18.5.14 18.5.14.1

Network Connectivity Status Indicator

Network Isolation Network Provider

(L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares' (Scored)  

18.5.15 18.5.16 18.5.17 18.5.18 18.5.19

Offline Files

QoS Packet Scheduler

SNMP

SSL ConfigurationSettings

TCPIP Settings

18.5.19.1 18.5.19.2 18.5.19.2.1

IPv6 TransitionTechnologies

Parameters

(L2) Disable IPv6(Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') (Scored)





1253 | P a g e