CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.8.31OS Policies

This section contains recommendations related to OS Policies.

This Group Policy section is provided by the Group Policy template OSPolicy.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer). 18.8.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' (Scored)

ProfileApplicability:

 Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)

Description:

This setting determines whether Clipboard contents can be synchronized across devices.

The recommended state for this setting is: Disabled .

Rationale:

In high security environments, clipboard data should stay local to the system and not synced across devices, as it may contain very sensitive information that must be contained locally.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System:AllowCrossDevic eClipboard

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Administrative Templates\System\OS Policies\Allow Clipboard synchronization across devices

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template OSPolicy.admx/adml that is included with the Microsoft Windows 10 Release 1809 & Server 2019 Administrative Templates (or newer).

717 | P a g e