Back

Configure Server Message Block (SMB) to organizational standards.


CONTROL ID
04991
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' Description: This setting configures the start type for the Server Message Block version 1 (SMBv1) client driver service (`MRxSmb10`), which is recommended to be disabled. The recommended state for this se… (18.3.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled' Description: This setting configures the server-side processing of the Server Message Block version 1 (SMBv1) protocol. The recommended state for this setting is: `Disabled`. Rationale: Since September 2016, Microsoft has strongly encouraged… (18.3.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' Description: This setting configures the start type for the Server Message Block version 1 (SMBv1) client driver service (`MRxSmb10`), which is recommended to be disabled. The recommended state for this se… (18.3.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled' Description: This setting configures the server-side processing of the Server Message Block version 1 (SMBv1) protocol. The recommended state for this setting is: `Disabled`. Rationale: Since September 2016, Microsoft has strongly encouraged… (18.3.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • The smb service should be enabled or disabled as appropriate. Technical Mechanisms: via chkconfig Parameters: enabled / disabled References: Section: 3.18.1, Value: disabled CCE-U-203 (CCE-4551-8, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)