CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

Some legacy OSes (e.g. Windows XP, Server 2003 or older), applications and appliances may no longer be able to communicate with the system once SMBv1 is disabled. We recommend careful testing be performed to determine the impact prior to configuring this as a widespread control, and where possible, remediate any incompatibilities found with the vendor of the incompatible system. Microsoft is also maintaining a thorough (although not comprehensive) list of known SMBv1 incompatibilities at this link: SMB1 Product Clearinghouse | Storage at Microsoft

Default Value:

Windows 10 R1703 and older: Enabled.

Windows 10 R1709 and newer: Disabled.

CIS Controls:

Version 6

9.1 Limit Open Ports, Protocols, and Services Ensure that only ports, protocols, and services with validated business needs are running on each system.

Version 7

9.2 Ensure Only Approved Ports, Protocols and Services Are Running Ensure that only network ports, protocols, and services listening on a system with validated business needs, are running on each system. 9.3 Perform Regular Automated Port Scans Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.

532 | P a g e