CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

CIS Controls:

Version 6

13.5 Disable Write Capabilities To USB Devices If there is no business need for supporting such devices, configure systems so that they will not write data to USB tokens or USB hard drives. If such devices are required, enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices. An inventory of all authorized devices must be maintained. 13.7 Manage USB Devices If USB storage devices are required, enterprise software should be used that can configure systems to allow the use of specific devices. An inventory of such devices should be maintained. 13.8 Manage System's External Removable Media's Read/write Configurations Configure systems not to write data to external removable media, if there is no business need for supporting such devices. 13.9 Encrypt Data on USB Storage Devices If USB storage devices are required, all data stored on such devices must be encrypted while at rest. Version 7

18.8.8 DeviceRedirection

This section is intentionally blank and exists to ensure the structure of Windows benchmarks is consistent.

This Group Policy section is provided by the Group Policy template DeviceRedirection.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

652 | P a g e