CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Control

Set Correctly Yes No

18.9.97.2.3

(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' (Scored) (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' (Scored)





18.9.97.2.4





18.9.98 18.9.98.1

Windows Remote Shell

(L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' (Scored) Windows Security (formerlyWindows Defender Security Center) 



18.9.99

18.9.99.1 18.9.99.2 18.9.99.2.1 18.9.100 18.9.101 18.9.102 18.9.102.1 18.9.102.1.1

Account protection

App and browser protection

(L1) Ensure 'Prevent users frommodifying settings' is set to 'Enabled' (Scored)  

Windows SideShow

Windows SystemResource Manager

Windows Update

Windows Update forBusiness (formerlyDefer Windows Updates)

(L1) Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' (Scored) (L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days' (Scored) (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' (Scored) (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled' (Scored) (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' (Scored) (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' (Scored) (L1) Ensure 'Remove access to “Pause updates” feature' is set to 'Enabled' (Scored)





18.9.102.1.2





18.9.102.1.3





18.9.102.2





18.9.102.3





18.9.102.4





18.9.102.5





19

Administrative Templates (User)

19.1

Control Panel

19.1.1 19.1.2 19.1.3 19.1.3.1

Add or Remove Programs

Display

Personalization (formerly DesktopThemes) (L1) Ensure 'Enable screen saver' is set to 'Enabled' (Scored)





1274 | P a g e