CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

Autoplay will be disabled - users will have to manually launch setup or installation programs that are provided on removable media.

Default Value:

Disabled. (Autoplay is enabled.)

References:

1. CCE-33791-5

CIS Controls:

Version 6

8.3 Limit Use Of External Devices (i.e. USB) Limit use of external devices to those with an approved, documented business need. Monitor for use and attempted use of external devices. Configure laptops, workstations, and servers so that they will not auto-run content from removable media, like USB tokens (i.e., “thumb drives”), USB hard drives, CDs/DVDs, FireWire devices, external serial advanced technology attachment devices, and mounted network shares. Configure systems so that they automatically conduct an anti-malware scan of removable media when inserted.

Version 7

8.4 Configure Anti-Malware Scanning of Removable Devices Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected.

8.5 Configure Devices Not To Auto-run Content Configure devices to not auto-run content from removable media.

18.9.9 Backup

This section is intentionally blank and exists to ensure the structure of Windows benchmarks is consistent.

This Group Policy section is provided by the Group Policy template UserDataBackup.admx/adml that is only included with the Microsoft Windows Vista through the Windows 10 Release 1511 Administrative Templates (except for the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates).

775 | P a g e