Back

International > SWIFT

Swift Customer Security Controls Framework (CSCF), v2019



AD ID

0003006

AD STATUS

Swift Customer Security Controls Framework (CSCF), v2019

ORIGINATOR

SWIFT

TYPE

Best Practice Guideline

AVAILABILITY

With Membership

SYNONYMS

SWIFT Customer Security Controls Framework

SWIFT Customer Security Controls Framework, Customer Security Programme

EFFECTIVE

2018-08-10

ADDED

The document as a whole was last reviewed and released on 2019-07-10T00:00:00-0700.

AD ID

0003006

AD STATUS

With Membership

ORIGINATOR

SWIFT

TYPE

Best Practice Guideline

AVAILABILITY

SYNONYMS

SWIFT Customer Security Controls Framework

SWIFT Customer Security Controls Framework, Customer Security Programme

EFFECTIVE

2018-08-10

ADDED

The document as a whole was last reviewed and released on 2019-07-10T00:00:00-0700.


Important Notice

This Authority Document In Depth Report is copyrighted - © 2024 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.

This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.

This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.

The process we used to tag and map this document

This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools (you can research our patents HERE). The mapping team has taken every effort to ensure the quality of mapping is of the highest degree. To learn more about the process we use to map Authority Documents, or to become involved in that process, click HERE.

Controls and asociated Citations breakdown

When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and Mandates are tied to Common Controls. In addition, and by virtue of those Citations and mandates being tied to Common Controls, there are three sets of meta data that are associated with each Citation; Controls by Impact Zone, Controls by Type, and Controls by Classification.

The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub (available HERE) contains the following:

Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.

Citation and Mandate Tagging and Mapping – A complete listing of each and every Citation we found within Swift Customer Security Controls Framework (CSCF), v2019 that have been tagged with their primary and secondary nouns and primary and secondary verbs in three column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.

Dictionary Terms – The dictionary terms listed for Swift Customer Security Controls Framework (CSCF), v2019 are based upon terms either found within the Authority Document’s defined terms section(which most legal documents have), its glossary, and for the most part, as tagged within each mandate. The terms with links are terms that are the standardized version of the term.



Common Controls and
mandates by Impact Zone
42 Mandated Controls - bold    
69 Implied Controls - italic     6644 Implementation

An Impact Zone is a hierarchical way of organizing our suite of Common Controls — it is a taxonomy. The top levels of the UCF hierarchy are called Impact Zones. Common Controls are mapped within the UCF’s Impact Zones and are maintained in a legal hierarchy within that Impact Zone. Each Impact Zone deals with a separate area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc.


The UCF created its taxonomy by looking at the corpus of standards and regulations through the lens of unification and a view toward how the controls impact the organization. Thus, we created a hierarchical structure for each impact zone that takes into account regulatory and standards bodies, doctrines, and language.

Number of Controls
6755 Total
  • Acquisition or sale of facilities, technology, and services
    17
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Acquisition or sale of facilities, technology, and services CC ID 01123 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain payment and settlement functions for selling products and services. CC ID 13538 Business Processes Preventive
    Establish, implement, and maintain an electronic commerce program. CC ID 08617 Business Processes Preventive
    Establish, implement, and maintain payment transaction security measures. CC ID 13088
    [Restrict transaction activity to validated and approved counterparties and within the expected bounds of normal business. 2.9A Control Objective
    Restrict transaction activity to validated and approved counterparties and within the expected bounds of normal business. 2.9A Control Objective]
    Technical Security Preventive
    Establish, implement, and maintain a list of approved third parties for payment transactions. CC ID 16349 Business Processes Preventive
    Restrict transaction activities, as necessary. CC ID 16334 Business Processes Preventive
    Notify affected parties prior to initiating high-risk funds transfer transactions. CC ID 13687 Communicate Preventive
    Reset transaction limits to zero after no activity within N* time period, as necessary. CC ID 13683 Business Processes Preventive
    Preset transaction limits for high-risk funds transfers, as necessary. CC ID 13682 Business Processes Preventive
    Implement dual authorization for high-risk funds transfers, as necessary. CC ID 13671 Business Processes Preventive
    Establish, implement, and maintain a mobile payment acceptance security program. CC ID 12182 Establish/Maintain Documentation Preventive
    Obtain cardholder authorization prior to completing payment transactions. CC ID 13108 Business Processes Preventive
    Encrypt electronic commerce transactions and messages. CC ID 08621 Configuration Preventive
    Protect the integrity of application service transactions. CC ID 12017 Business Processes Preventive
    Include required information in electronic commerce transactions and messages. CC ID 15318 Data and Information Management Preventive
    Establish, implement, and maintain telephone-initiated transaction security measures. CC ID 13566 Business Processes Preventive
    Disseminate and communicate confirmations of telephone-initiated transactions to affected parties. CC ID 13571 Communicate Preventive
  • Audits and risk management
    18
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Audits and risk management CC ID 00677 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a risk management program. CC ID 12051 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain the risk assessment framework. CC ID 00685 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a risk assessment program. CC ID 00687 Establish/Maintain Documentation Preventive
    Perform risk assessments for all target environments, as necessary. CC ID 06452
    [Evaluate the risk and readiness of the organisation based on plausible cyber attack scenarios. 7.4A Control Objective]
    Testing Preventive
    Include the probability and potential impact of pandemics in the scope of the risk assessment. CC ID 13241 Establish/Maintain Documentation Preventive
    Include physical assets in the scope of the risk assessment. CC ID 13075 Establish/Maintain Documentation Preventive
    Include the results of the risk assessment in the risk assessment report. CC ID 06481 Establish/Maintain Documentation Preventive
    Approve the results of the risk assessment as documented in the risk assessment report. CC ID 07109 Audits and Risk Management Preventive
    Update the risk assessment upon discovery of a new threat. CC ID 00708 Establish/Maintain Documentation Detective
    Review risks to the organization's audit function when changes in the supply chain occur. CC ID 01154 Audits and Risk Management Preventive
    Update the risk assessment upon changes to the risk profile. CC ID 11627 Establish/Maintain Documentation Detective
    Review the risk to the audit function when the audit personnel status changes. CC ID 01153 Audits and Risk Management Preventive
    Document any reasons for modifying or refraining from modifying the organization's risk assessment when the risk assessment has been reviewed. CC ID 13312 Establish/Maintain Documentation Preventive
    Create a risk assessment report based on the risk assessment results. CC ID 15695 Establish/Maintain Documentation Preventive
    Disseminate and communicate the approved risk assessment report to interested personnel and affected parties. CC ID 10633 Communicate Preventive
    Conduct external audits of risk assessments, as necessary. CC ID 13308 Audits and Risk Management Detective
    Notify the organization upon completion of the external audits of the organization's risk assessment. CC ID 13313 Communicate Preventive
  • Human Resources management
    23
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Human Resources management CC ID 00763 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a personnel management program. CC ID 14018 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a personnel security program. CC ID 10628 Establish/Maintain Documentation Preventive
    Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 Testing Detective
    Establish, implement, and maintain personnel screening procedures. CC ID 11700
    [Ensure the trustworthiness of staff operating the local SWIFT environment by performing personnel vetting. 5.3A Control Objective]
    Establish/Maintain Documentation Preventive
    Perform a background check during personnel screening. CC ID 11758 Human Resources Management Detective
    Perform a personal identification check during personnel screening. CC ID 06721 Human Resources Management Preventive
    Perform a criminal records check during personnel screening. CC ID 06643 Establish/Maintain Documentation Preventive
    Include all residences in the criminal records check. CC ID 13306 Process or Activity Preventive
    Document any reasons a full criminal records check could not be performed. CC ID 13305 Establish/Maintain Documentation Preventive
    Perform a personal references check during personnel screening. CC ID 06645 Human Resources Management Preventive
    Perform a credit check during personnel screening. CC ID 06646 Human Resources Management Preventive
    Perform an academic records check during personnel screening. CC ID 06647 Establish/Maintain Documentation Preventive
    Perform a drug test during personnel screening. CC ID 06648 Testing Preventive
    Perform a resume check during personnel screening. CC ID 06659 Human Resources Management Preventive
    Perform a curriculum vitae check during personnel screening. CC ID 06660 Human Resources Management Preventive
    Allow personnel being screened to appeal findings and appeal decisions. CC ID 06720 Human Resources Management Preventive
    Disseminate and communicate screening results to interested personnel and affected parties. CC ID 16445 Communicate Preventive
    Train all personnel and third parties, as necessary. CC ID 00785 Behavior Preventive
    Establish, implement, and maintain training plans. CC ID 00828 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a security awareness program. CC ID 11746 Establish/Maintain Documentation Preventive
    Disseminate and communicate the security awareness program to all interested personnel and affected parties. CC ID 00823 Behavior Preventive
    Train all personnel and third parties on how to recognize and report security incidents. CC ID 01211
    [Ensure all staff are aware of and fulfil their security responsibilities by performing regular security training and awareness activities. 7.2 Control Objective:]
    Behavior Preventive
  • Monitoring and measurement
    65
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Monitoring and measurement CC ID 00636 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain logging and monitoring operations. CC ID 00637 Log Management Detective
    Establish, implement, and maintain intrusion management operations. CC ID 00580 Monitor and Evaluate Occurrences Preventive
    Monitor systems for inappropriate usage and other security violations. CC ID 00585
    [Detect and prevent anomalous network activity into and within the local SWIFT environment. 6.5A Control Objective
    {anomalous operation} Record security events and detect anomalous actions and operations within the local SWIFT environment. 6.4 Control Objective
    Detect Anomalous Activity to Systems or Transaction Records 6
    Detect Anomalous Activity to Systems or Transaction Records 6]
    Monitor and Evaluate Occurrences Detective
    Monitor systems for blended attacks and multiple component incidents. CC ID 01225 Monitor and Evaluate Occurrences Detective
    Monitor systems for Denial of Service attacks. CC ID 01222 Monitor and Evaluate Occurrences Detective
    Monitor systems for unauthorized data transfers. CC ID 12971 Monitor and Evaluate Occurrences Preventive
    Address operational anomalies within the incident management system. CC ID 11633 Audits and Risk Management Preventive
    Monitor systems for access to restricted data or restricted information. CC ID 04721 Monitor and Evaluate Occurrences Detective
    Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 Human Resources Management Detective
    Detect unauthorized access to systems. CC ID 06798 Monitor and Evaluate Occurrences Detective
    Incorporate potential red flags into the organization's incident management system. CC ID 04652 Monitor and Evaluate Occurrences Detective
    Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 Audits and Risk Management Preventive
    Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 Monitor and Evaluate Occurrences Detective
    Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 Monitor and Evaluate Occurrences Detective
    Monitor systems for unauthorized mobile code. CC ID 10034 Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain a testing program. CC ID 00654 Behavior Preventive
    Establish, implement, and maintain a penetration test program. CC ID 01105 Behavior Preventive
    Perform penetration tests, as necessary. CC ID 00655
    [Validate the operational security configuration and identify security gaps by performing penetration testing. 7.3A Control Objective
    Validate the operational security configuration and identify security gaps by performing penetration testing. 7.3A Control Objective]
    Testing Detective
    Perform internal penetration tests, as necessary. CC ID 12471 Technical Security Detective
    Perform external penetration tests, as necessary. CC ID 12470 Technical Security Detective
    Include coverage of all in scope systems during penetration testing. CC ID 11957 Testing Detective
    Test the system for broken access controls. CC ID 01319 Testing Detective
    Test the system for broken authentication and session management. CC ID 01320 Testing Detective
    Test the system for insecure communications. CC ID 00535 Testing Detective
    Test the system for cross-site scripting attacks. CC ID 01321 Testing Detective
    Test the system for buffer overflows. CC ID 01322 Testing Detective
    Test the system for injection flaws. CC ID 01323 Testing Detective
    Ensure protocols are free from injection flaws. CC ID 16401 Process or Activity Preventive
    Test the system for Denial of Service. CC ID 01326 Testing Detective
    Test the system for insecure configuration management. CC ID 01327 Testing Detective
    Perform network-layer penetration testing on all systems, as necessary. CC ID 01277 Testing Detective
    Test the system for cross-site request forgery. CC ID 06296 Testing Detective
    Perform application-layer penetration testing on all systems, as necessary. CC ID 11630 Technical Security Detective
    Perform penetration testing on segmentation controls, as necessary. CC ID 12498 Technical Security Detective
    Verify segmentation controls are operational and effective. CC ID 12545 Audits and Risk Management Detective
    Repeat penetration testing, as necessary. CC ID 06860 Testing Detective
    Test the system for covert channels. CC ID 10652 Testing Detective
    Estimate the maximum bandwidth of any covert channels. CC ID 10653 Technical Security Detective
    Reduce the maximum bandwidth of covert channels. CC ID 10655 Technical Security Corrective
    Test systems to determine which covert channels might be exploited. CC ID 10654 Testing Detective
    Establish, implement, and maintain a vulnerability management program. CC ID 15721 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 Establish/Maintain Documentation Preventive
    Perform vulnerability scans, as necessary. CC ID 11637
    [Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. 2.7 Control Objective]
    Technical Security Detective
    Repeat vulnerability scanning, as necessary. CC ID 11646 Testing Detective
    Identify and document security vulnerabilities. CC ID 11857 Technical Security Detective
    Rank discovered vulnerabilities. CC ID 11940 Investigate Detective
    Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 Technical Security Preventive
    Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 Technical Security Detective
    Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 Establish/Maintain Documentation Preventive
    Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 Communicate Preventive
    Maintain vulnerability scan reports as organizational records. CC ID 12092 Records Management Preventive
    Correlate vulnerability scan reports from the various systems. CC ID 10636 Technical Security Detective
    Perform internal vulnerability scans, as necessary. CC ID 00656 Testing Detective
    Perform vulnerability scans prior to installing payment applications. CC ID 12192 Technical Security Detective
    Implement scanning tools, as necessary. CC ID 14282 Technical Security Detective
    Update the vulnerability scanners' vulnerability list. CC ID 10634 Configuration Corrective
    Repeat vulnerability scanning after an approved change occurs. CC ID 12468 Technical Security Detective
    Perform external vulnerability scans, as necessary. CC ID 11624 Technical Security Detective
    Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 Business Processes Preventive
    Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 Testing Preventive
    Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 Technical Security Detective
    Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 Behavior Corrective
    Correct or mitigate vulnerabilities. CC ID 12497
    [Reduce Attack Surface and Vulnerabilities 2
    Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. 2.7 Control Objective]
    Technical Security Corrective
    Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859 Technical Security Corrective
  • Operational management
    28
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Operational management CC ID 00805 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain an Asset Management program. CC ID 06630 Business Processes Preventive
    Establish, implement, and maintain classification schemes for all systems and assets. CC ID 01902 Establish/Maintain Documentation Preventive
    Apply security controls to each level of the information classification standard. CC ID 01903 Systems Design, Build, and Implementation Preventive
    Establish, implement, and maintain the systems' integrity level. CC ID 01906
    [Ensure the software integrity of the SWIFT-related applications. 6.2 Control Objective]
    Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a customer service program. CC ID 00846 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an Incident Management program. CC ID 00853 Business Processes Preventive
    Establish, implement, and maintain incident management audit logs. CC ID 13514 Records Management Preventive
    Log incidents in the Incident Management audit log. CC ID 00857
    [{anomalous operation} Record security events and detect anomalous actions and operations within the local SWIFT environment. 6.4 Control Objective]
    Establish/Maintain Documentation Preventive
    Include who the incident was reported to in the incident management audit log. CC ID 16487 Log Management Preventive
    Include corrective actions in the incident management audit log. CC ID 16466 Establish/Maintain Documentation Preventive
    Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 Log Management Corrective
    Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 Log Management Preventive
    Establish, implement, and maintain an Incident Response program. CC ID 00579 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain an incident response plan. CC ID 12056
    [Plan for Incident Response and Information Sharing 7]
    Establish/Maintain Documentation Preventive
    Include addressing external communications in the incident response plan. CC ID 13351 Establish/Maintain Documentation Preventive
    Include addressing internal communications in the incident response plan. CC ID 13350 Establish/Maintain Documentation Preventive
    Include change control procedures in the incident response plan. CC ID 15479 Establish/Maintain Documentation Preventive
    Include addressing information sharing in the incident response plan. CC ID 13349
    [Plan for Incident Response and Information Sharing 7]
    Establish/Maintain Documentation Preventive
    Include dynamic reconfiguration in the incident response plan. CC ID 14306 Establish/Maintain Documentation Preventive
    Include a definition of reportable incidents in the incident response plan. CC ID 14303 Establish/Maintain Documentation Preventive
    Include the management support needed for incident response in the incident response plan. CC ID 14300 Establish/Maintain Documentation Preventive
    Include root cause analysis in the incident response plan. CC ID 16423 Establish/Maintain Documentation Preventive
    Include how incident response fits into the organization in the incident response plan. CC ID 14294 Establish/Maintain Documentation Preventive
    Include the resources needed for incident response in the incident response plan. CC ID 14292 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a cyber incident response plan. CC ID 13286
    [{be consistent} {be effective} Ensure a consistent and effective approach for the management of cyber incidents. 7.1 Control Objective]
    Establish/Maintain Documentation Preventive
    Test the incident response procedures. CC ID 01216
    [Evaluate the risk and readiness of the organisation based on plausible cyber attack scenarios. 7.4A Control Objective]
    Testing Detective
    Document the results of incident response tests and provide them to senior management. CC ID 14857 Actionable Reports or Measurements Preventive
  • Physical and environmental protection
    65
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Physical and environmental protection CC ID 00709 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain a physical security program. CC ID 11757 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain physical security procedures. CC ID 13076
    [Physically Secure the Environment 3]
    Establish/Maintain Documentation Preventive
    Analyze and evaluate engineering systems. CC ID 13080 Physical and Environmental Protection Preventive
    Analyze and evaluate facilities and their structural elements. CC ID 13079 Physical and Environmental Protection Preventive
    Analyze and evaluate mechanical systems, as necessary. CC ID 13078 Physical and Environmental Protection Preventive
    Report damaged property to interested personnel and affected parties. CC ID 13702 Communicate Corrective
    Establish, implement, and maintain a facility physical security program. CC ID 00711 Establish/Maintain Documentation Preventive
    Identify and document physical access controls for all physical entry points. CC ID 01637 Establish/Maintain Documentation Preventive
    Control physical access to (and within) the facility. CC ID 01329
    [Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. 3.1 Control Objective]
    Physical and Environmental Protection Preventive
    Establish, implement, and maintain physical access procedures. CC ID 13629
    [Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. 3.1 Control Objective]
    Establish/Maintain Documentation Preventive
    Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 Physical and Environmental Protection Preventive
    Secure physical entry points with physical access controls or security guards. CC ID 01640 Physical and Environmental Protection Detective
    Configure the access control system to grant access only during authorized working hours. CC ID 12325 Physical and Environmental Protection Preventive
    Establish, implement, and maintain a visitor access permission policy. CC ID 06699 Establish/Maintain Documentation Preventive
    Escort visitors within the facility, as necessary. CC ID 06417 Establish/Maintain Documentation Preventive
    Check the visitor's stated identity against a provided government issued identification. CC ID 06701 Physical and Environmental Protection Preventive
    Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 Testing Preventive
    Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 Behavior Preventive
    Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 Establish/Maintain Documentation Preventive
    Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 Establish/Maintain Documentation Preventive
    Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 Physical and Environmental Protection Corrective
    Authorize physical access to sensitive areas based on job functions. CC ID 12462 Establish/Maintain Documentation Preventive
    Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 Monitor and Evaluate Occurrences Preventive
    Establish, implement, and maintain physical identification procedures. CC ID 00713 Establish/Maintain Documentation Preventive
    Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 Human Resources Management Preventive
    Implement physical identification processes. CC ID 13715 Process or Activity Preventive
    Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 Process or Activity Preventive
    Issue photo identification badges to all employees. CC ID 12326 Physical and Environmental Protection Preventive
    Implement operational requirements for card readers. CC ID 02225 Testing Preventive
    Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 Establish/Maintain Documentation Preventive
    Document all lost badges in a lost badge list. CC ID 12448 Establish/Maintain Documentation Corrective
    Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 Physical and Environmental Protection Preventive
    Manage constituent identification inside the facility. CC ID 02215 Behavior Preventive
    Direct each employee to be responsible for their identification card or badge. CC ID 12332 Human Resources Management Preventive
    Manage visitor identification inside the facility. CC ID 11670 Physical and Environmental Protection Preventive
    Issue visitor identification badges to all non-employees. CC ID 00543 Behavior Preventive
    Secure unissued visitor identification badges. CC ID 06712 Physical and Environmental Protection Preventive
    Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 Behavior Preventive
    Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 Physical and Environmental Protection Preventive
    Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 Establish/Maintain Documentation Preventive
    Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 Process or Activity Preventive
    Include error handling controls in identification issuance procedures. CC ID 13709 Establish/Maintain Documentation Preventive
    Include an appeal process in the identification issuance procedures. CC ID 15428 Business Processes Preventive
    Include information security in the identification issuance procedures. CC ID 15425 Establish/Maintain Documentation Preventive
    Include identity proofing processes in the identification issuance procedures. CC ID 06597 Process or Activity Preventive
    Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 Establish/Maintain Documentation Preventive
    Include an identity registration process in the identification issuance procedures. CC ID 11671 Establish/Maintain Documentation Preventive
    Restrict access to the badge system to authorized personnel. CC ID 12043 Physical and Environmental Protection Preventive
    Enforce dual control for badge assignments. CC ID 12328 Physical and Environmental Protection Preventive
    Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 Physical and Environmental Protection Preventive
    Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 Physical and Environmental Protection Preventive
    Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 Establish/Maintain Documentation Preventive
    Assign employees the responsibility for controlling their identification badges. CC ID 12333 Human Resources Management Preventive
    Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 Establish/Maintain Documentation Preventive
    Prevent tailgating through physical entry points. CC ID 06685 Physical and Environmental Protection Preventive
    Implement physical security standards for mainframe rooms or data centers. CC ID 00749
    [Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. 3.1 Control Objective]
    Physical and Environmental Protection Preventive
    Establish and maintain equipment security cages in a shared space environment. CC ID 06711 Physical and Environmental Protection Preventive
    Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 Physical and Environmental Protection Preventive
    Lock all lockable equipment cabinets. CC ID 11673 Physical and Environmental Protection Detective
    Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 Physical and Environmental Protection Preventive
    Restrict physical access to distributed assets. CC ID 11865
    [Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. 3.1 Control Objective]
    Physical and Environmental Protection Preventive
    House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 Physical and Environmental Protection Preventive
    Protect electronic storage media with physical access controls. CC ID 00720 Physical and Environmental Protection Preventive
  • Records management
    11
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    Records management CC ID 00902 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain records management procedures. CC ID 11619 Establish/Maintain Documentation Preventive
    Include record integrity techniques in the records management procedures. CC ID 06418
    [Ensure the integrity of the database records for the SWIFT messaging interface. 6.3 Control Objective]
    Establish/Maintain Documentation Preventive
    Note in electronic records converted from printed records, the location of the original. CC ID 11809 Records Management Preventive
    Incorporate desktop publishing into the organization's Records Management program. CC ID 06535 Establish/Maintain Documentation Preventive
    Provide structures for browsing records stored in the Electronic Document and Records Management system. CC ID 10009 Business Processes Preventive
    Provide structures for searching for items stored in the Electronic Document and Records Management system. CC ID 10010 Business Processes Preventive
    Provide structures for downloading records from the Electronic Document and Records Management system. CC ID 10011 Business Processes Preventive
    Provide structures for managing e-mail stored in the Electronic Document and Records Management system. CC ID 10012 Business Processes Preventive
    Provide structures for authorized parties to approve record updates in the Electronic Document and Records Management system. CC ID 11965 Records Management Preventive
    Provide structures for version control of records stored in the Electronic Document and Records Management system. CC ID 10013 Business Processes Preventive
  • System hardening through configuration management
    6315
    KEY:    Primary Verb     Primary Noun     Secondary Verb     Secondary Noun     Limiting Term
    Mandated - bold    Implied - italic    Implementation - regular TYPE CLASS
    System hardening through configuration management CC ID 00860 IT Impact Zone IT Impact Zone
    Establish, implement, and maintain system hardening procedures. CC ID 12001
    [{SWIFT messaging interface} {SWIFT-related application} Reduce the attack surface of SWIFT-related components by performing application hardening on the SWIFT-certified messaging and communication interfaces and related applications. 2.10A Control Objective
    Reduce the cyber attack surface of SWIFT-related components by performing system hardening. 2.3 Control Objective]
    Establish/Maintain Documentation Preventive
    Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460 Technical Security Preventive
    Configure the Intrusion Detection System and Intrusion Prevention System in accordance with organizational standards. CC ID 04831 Configuration Preventive
    Enable historical logging on the Intrusion Detection System and Intrusion Prevention System. CC ID 04836 Configuration Preventive
    Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 Configuration Preventive
    Configure the Intrusion Detection System and the Intrusion Prevention System to detect rogue devices and unauthorized connections. CC ID 04837 Configuration Preventive
    Display an explicit logout message when disconnecting an authenticated communications session. CC ID 10093 Configuration Preventive
    Configure the Intrusion Detection System and the Intrusion Prevention System to alert upon finding rogue devices and unauthorized connections. CC ID 07062 Configuration Preventive
    Invalidate session identifiers upon session termination. CC ID 10649 Technical Security Preventive
    Configure “Docker” to organizational standards. CC ID 14457 Configuration Preventive
    Configure the "autolock" argument to organizational standards. CC ID 14547 Configuration Preventive
    Configure the "COPY" instruction to organizational standards. CC ID 14515 Configuration Preventive
    Configure the "memory" argument to organizational standards. CC ID 14497 Configuration Preventive
    Configure the "docker0" bridge to organizational standards. CC ID 14504 Configuration Preventive
    Configure the "docker exec commands" to organizational standards. CC ID 14502 Configuration Preventive
    Configure the "health-cmd" argument to organizational standards. CC ID 14527 Configuration Preventive
    Configure the "HEALTHCHECK" to organizational standards. CC ID 14511 Configuration Detective
    Configure the maximum number of images to organizational standards. CC ID 14545 Configuration Preventive
    Configure the minimum number of manager nodes to organizational standards. CC ID 14543 Configuration Preventive
    Configure the "on-failure" restart policy to organizational standards. CC ID 14542 Configuration Preventive
    Configure the maximum number of containers to organizational standards. CC ID 14540 Configuration Preventive
    Configure the "lifetime_minutes" to organizational standards. CC ID 14539 Configuration Preventive
    Configure the "Linux kernel capabilities" to organizational standards. CC ID 14531 Configuration Preventive
    Configure the "Docker socket" to organizational standards. CC ID 14506 Configuration Preventive
    Configure the "read-only" argument to organizational standards. CC ID 14498 Configuration Preventive
    Configure the signed image enforcement to organizational standards. CC ID 14517 Configuration Preventive
    Configure the "storage-opt" argument to organizational standards. CC ID 14658 Configuration Preventive
    Configure the "swarm services" to organizational standards. CC ID 14516 Configuration Preventive
    Configure the "experimental" argument to organizational standards. CC ID 14494 Configuration Preventive
    Configure the cluster role-based access control policies to organizational standards. CC ID 14514 Configuration Preventive
    Configure the "secret management commands" to organizational standards. CC ID 14512 Configuration Preventive
    Configure the "renewal_threshold_minutes" to organizational standards. CC ID 14538 Configuration Preventive
    Configure the "docker swarm unlock-key" command to organizational standards. CC ID 14490 Configuration Preventive
    Configure the "per_user_limit" to organizational standards. CC ID 14523 Configuration Preventive
    Configure the "privileged" argument to organizational standards. CC ID 14510 Configuration Preventive
    Configure the "update instructions" to organizational standards. CC ID 14525 Configuration Preventive
    Configure the "swarm mode" to organizational standards. CC ID 14508 Configuration Preventive
    Configure the "USER" directive to organizational standards. CC ID 14507 Configuration Preventive
    Configure the "DOCKER_CONTENT_TRUST" to organizational standards. CC ID 14488 Configuration Preventive
    Configure the "no-new-privileges" argument to organizational standards. CC ID 14474 Configuration Preventive
    Configure the "seccomp-profile" argument to organizational standards. CC ID 14503 Configuration Preventive
    Configure the "cpu-shares" argument to organizational standards. CC ID 14489 Configuration Preventive
    Configure the "volume" argument to organizational standards. CC ID 14533 Configuration Preventive
    Configure the "cgroup-parent" to organizational standards. CC ID 14466 Configuration Preventive
    Configure the "live-restore" argument to organizational standards. CC ID 14465 Configuration Preventive
    Configure the "userland-proxy" argument to organizational standards. CC ID 14464 Configuration Preventive
    Configure the "user namespace support" to organizational standards. CC ID 14462 Configuration Preventive
    Configure "etcd" to organizational standards. CC ID 14535 Configuration Preventive
    Configure the "auto-tls" argument to organizational standards. CC ID 14621 Configuration Preventive
    Configure the "peer-auto-tls" argument to organizational standards. CC ID 14636 Configuration Preventive
    Configure the "peer-client-cert-auth" argument to organizational standards. CC ID 14614 Configuration Preventive
    Configure the "peer-cert-file" argument to organizational standards. CC ID 14606 Configuration Preventive
    Configure the "key-file" argument to organizational standards. CC ID 14604 Configuration Preventive
    Configure the "cert-file" argument to organizational standards. CC ID 14602 Configuration Preventive
    Configure the "client-cert-auth" argument to organizational standards. CC ID 14596 Configuration Preventive
    Configure the "peer-key-file" argument to organizational standards. CC ID 14595 Configuration Preventive
    Establish, implement, and maintain container orchestration. CC ID 16350 Technical Security Preventive
    Configure "Kubernetes" to organizational standards. CC ID 14528 Configuration Preventive
    Configure the "ImagePolicyWebhook" admission controller to organizational standards. CC ID 14657 Configuration Preventive
    Configure the "allowedCapabilities" to organizational standards. CC ID 14653 Configuration Preventive
    Configure the "allowPrivilegeEscalation" flag to organizational standards. CC ID 14645 Configuration Preventive
    Configure the "Security Context" to organizational standards. CC ID 14656 Configuration Preventive
    Configure the "cluster-admin" role to organizational standards. CC ID 14642 Configuration Preventive
    Configure the "automountServiceAccountToken" to organizational standards. CC ID 14639 Configuration Preventive
    Configure the "audit-log-maxsize" argument to organizational standards. CC ID 14624 Configuration Detective
    Configure the "seccomp" profile to organizational standards. CC ID 14652 Configuration Preventive
    Configure the "securityContext.privileged" flag to organizational standards. CC ID 14641 Configuration Preventive
    Configure the "audit-log-path" argument to organizational standards. CC ID 14622 Configuration Detective
    Configure the "audit-log-maxbackup" argument to organizational standards. CC ID 14613 Configuration Detective
    Configure the "audit-policy-file" to organizational standards. CC ID 14610 Configuration Preventive
    Configure the "audit-log-maxage" argument to organizational standards. CC ID 14605 Configuration Detective
    Configure the "bind-address" argument to organizational standards. CC ID 14601 Configuration Preventive
    Configure the "request-timeout" argument to organizational standards. CC ID 14583 Configuration Preventive
    Configure the "secure-port" argument to organizational standards. CC ID 14582 Configuration Preventive
    Configure the "service-account-key-file" argument to organizational standards. CC ID 14581 Configuration Preventive
    Configure the "insecure-bind-address" argument to organizational standards. CC ID 14580 Configuration Preventive
    Configure the "service-account-lookup" argument to organizational standards. CC ID 14579 Configuration Preventive
    Configure the "admission control plugin PodSecurityPolicy" to organizational standards. CC ID 14578 Configuration Preventive
    Configure the "profiling" argument to organizational standards. CC ID 14577 Configuration Preventive
    Configure the "hostNetwork" flag to organizational standards. CC ID 14649 Configuration Preventive
    Configure the "hostPID" flag to organizational standards. CC ID 14648 Configuration Preventive
    Configure the "etcd-certfile" argument to organizational standards. CC ID 14584 Configuration Preventive
    Configure the "runAsUser.rule" to organizational standards. CC ID 14651 Configuration Preventive
    Configure the "requiredDropCapabilities" to organizational standards. CC ID 14650 Configuration Preventive
    Configure the "hostIPC" flag to organizational standards. CC ID 14643 Configuration Preventive
    Configure the "admission control plugin ServiceAccount" to organizational standards. CC ID 14576 Configuration Preventive
    Configure the "insecure-port" argument to organizational standards. CC ID 14575 Configuration Preventive
    Configure the "admission control plugin AlwaysPullImages" to organizational standards. CC ID 14574 Configuration Preventive
    Configure the "pod" to organizational standards. CC ID 14644 Configuration Preventive
    Configure the "ClusterRoles" to organizational standards. CC ID 14637 Configuration Preventive
    Configure the "event-qps" argument to organizational standards. CC ID 14633 Configuration Preventive
    Configure the "Kubelet" to organizational standards. CC ID 14635 Configuration Preventive
    Configure the "NET_RAW" to organizational standards. CC ID 14647 Configuration Preventive
    Configure the "make-iptables-util-chains" argument to organizational standards. CC ID 14638 Configuration Preventive
    Configure the "hostname-override" argument to organizational standards. CC ID 14631 Configuration Preventive
    Configure the "admission control plugin NodeRestriction" to organizational standards. CC ID 14573 Configuration Preventive
    Configure the "admission control plugin AlwaysAdmit" to organizational standards. CC ID 14572 Configuration Preventive
    Configure the "etcd-cafile" argument to organizational standards. CC ID 14592 Configuration Preventive
    Configure the "encryption-provider-config" argument to organizational standards. CC ID 14587 Configuration Preventive
    Configure the "rotate-certificates" argument to organizational standards. CC ID 14640 Configuration Preventive
    Configure the "etcd-keyfile" argument to organizational standards. CC ID 14586 Configuration Preventive
    Configure the "client-ca-file" argument to organizational standards. CC ID 14585 Configuration Preventive
    Configure the "kube-apiserver" to organizational standards. CC ID 14589 Configuration Preventive
    Configure the "tls-private-key-file" argument to organizational standards. CC ID 14590 Configuration Preventive
    Configure the "streaming-connection-idle-timeout" argument to organizational standards. CC ID 14634 Configuration Preventive
    Configure the "RotateKubeletServerCertificate" argument to organizational standards. CC ID 14626 Configuration Preventive
    Configure the "protect-kernel-defaults" argument to organizational standards. CC ID 14629 Configuration Preventive
    Configure the "read-only-port" argument to organizational standards. CC ID 14627 Configuration Preventive
    Configure the "admission control plugin NamespaceLifecycle" to organizational standards. CC ID 14571 Configuration Preventive
    Configure the "terminated-pod-gc-threshold" argument to organizational standards. CC ID 14593 Configuration Preventive
    Configure the "tls-cert-file" argument to organizational standards. CC ID 14588 Configuration Preventive
    Configure the "kubelet-certificate-authority" argument to organizational standards. CC ID 14570 Configuration Preventive
    Configure the "service-account-private-key-file" argument to organizational standards. CC ID 14607 Configuration Preventive
    Configure the "admission control plugin SecurityContextDeny" to organizational standards. CC ID 14569 Configuration Preventive
    Configure the "kubelet-client-certificate" argument to organizational standards. CC ID 14568 Configuration Preventive
    Configure the "root-ca-file" argument to organizational standards. CC ID 14599 Configuration Preventive
    Configure the "admission control plugin EventRateLimit" to organizational standards. CC ID 14567 Configuration Preventive
    Configure the "use-service-account-credentials" argument to organizational standards. CC ID 14594 Configuration Preventive
    Configure the "token-auth-file" argument to organizational standards. CC ID 14566 Configuration Preventive
    Configure the "authorization-mode" argument to organizational standards. CC ID 14565 Configuration Preventive
    Configure the "anonymous-auth" argument to organizational standards. CC ID 14564 Configuration Preventive
    Configure the "kubelet-client-key" argument to organizational standards. CC ID 14563 Configuration Preventive
    Configure the "kubelet-https" argument to organizational standards. CC ID 14561 Configuration Preventive
    Configure the "basic-auth-file" argument to organizational standards. CC ID 14559 Configuration Preventive
    Configure the Remote Deposit Capture system to organizational standards. CC ID 13569 Configuration Preventive
    Prohibit files from containing wild cards, as necessary. CC ID 16318 Process or Activity Preventive
    Block and/or remove unnecessary software and unauthorized software. CC ID 00865 Configuration Preventive
    Assign system hardening to qualified personnel. CC ID 06813 Establish Roles Preventive
    Use the latest approved version of all software. CC ID 00897 Technical Security Preventive
    Install the most current Windows Service Pack. CC ID 01695 Configuration Preventive
    Install critical security updates and important security updates in a timely manner. CC ID 01696
    [Minimise the occurrence of known technical vulnerabilities within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. 2.2 Control Objective
    Minimise the occurrence of known technical vulnerabilities within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. 2.2 Control Objective
    Minimise the occurrence of known technical vulnerabilities within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. 2.2 Control Objective]
    Configuration Preventive
    Include risk information when communicating critical security updates. CC ID 14948 Communicate Preventive
    Change default configurations, as necessary. CC ID 00877 Configuration Preventive
    Configure custom security parameters for X-Windows. CC ID 02168 Configuration Preventive
    Configure custom security settings for Lotus Domino. CC ID 02171 Configuration Preventive
    Configure custom security settings for the Automated Security Enhancement Tool. CC ID 02177 Configuration Preventive
    Configure custom Security settings for Sun Answerbook2. CC ID 02178 Configuration Preventive
    Configure custom security settings for Command (PROM) Monitor. CC ID 02180 Configuration Preventive
    Configure and secure each interface for Executive Interfaces. CC ID 02182 Configuration Preventive
    Reconfigure the default settings and configure the system security for Site Management Complex. CC ID 02183 Configuration Preventive
    Configure the unisys executive (GENNED) GEN tags. CC ID 02184 Configuration Preventive
    Reconfigure the default Console Mode privileges. CC ID 02189 Configuration Preventive
    Restrict access to security-related Console Mode key-in groups based on the security profiles. CC ID 02190 Configuration Preventive
    Configure security profiles for the various Console Mode levels. CC ID 02191 Configuration Preventive
    Configure custom access privileges for all mapper files. CC ID 02194 Configuration Preventive
    Configure custom access privileges for the PSERVER configuration file. CC ID 02195 Configuration Preventive
    Configure custom access privileges for the DEPCON configuration file. CC ID 02196 Configuration Preventive
    Disable the default NetWare user web page unless absolutely necessary. CC ID 04447 Configuration Preventive
    Enable and reset the primary administrator names, primary administrator passwords, root names, and root passwords. CC ID 04448 Configuration Preventive
    Remove unnecessary documentation or unprotected documentation from installed applications. CC ID 04452 Configuration Preventive
    Complete the NetWare eGuide configuration. CC ID 04449 Configuration Preventive
    Verify the usr/aset/masters/uid_aliases file exists and contains an appropriate aliases list. CC ID 04902 Configuration Preventive
    Set the low security directory list properly. CC ID 04903 Configuration Preventive
    Set the medium security directory list properly. CC ID 04904 Configuration Preventive
    Set the high security directory list properly. CC ID 04905 Configuration Preventive
    Set the UID aliases pointer properly. CC ID 04906 Configuration Preventive
    Verify users are listed in the ASET userlist file. CC ID 04907 Technical Security Preventive
    Verify Automated Security Enhancement Tool checks the NIS+ tables, as appropriate. CC ID 04908 Testing Preventive
    Reconfigure the encryption keys from their default setting or previous setting. CC ID 06079 Configuration Preventive
    Change the default Service Set Identifier for Wireless Access Points and wireless bridges. CC ID 06086 Configuration Preventive
    Revoke public execute privileges for all processes or applications that allow such privileges. CC ID 06568 Configuration Preventive
    Configure the system's booting configuration. CC ID 10656 Configuration Preventive
    Configure the system to boot directly to the correct Operating System. CC ID 04509 Configuration Preventive
    Verify an appropriate bootloader is used. CC ID 04900 Configuration Preventive
    Configure the ability to boot from USB devices, as appropriate. CC ID 04901 Configuration Preventive
    Configure the system to boot from hardware enforced read-only media. CC ID 10657 Configuration Preventive
    Establish, implement, and maintain procedures to standardize operating system software installation. CC ID 00869 Establish/Maintain Documentation Preventive
    Verify operating system installation plans include software security considerations. CC ID 00870 Establish/Maintain Documentation Preventive
    Configure the "Approved Installation Sites for ActiveX Controls" security mechanism properly. CC ID 04909 Configuration Preventive
    Configure Least Functionality and Least Privilege settings to organizational standards. CC ID 07599 Configuration Preventive
    Prohibit directories from having read/write capability, as appropriate. CC ID 16313 Configuration Preventive
    Configure "Block public access (bucket settings)" to organizational standards. CC ID 15444 Configuration Preventive
    Configure S3 Bucket Policies to organizational standards. CC ID 15431 Configuration Preventive
    Configure "Allow suggested apps in Windows Ink Workspace" to organizational standards. CC ID 15417 Configuration Preventive
    Configure "Allow Cloud Search" to organizational standards. CC ID 15416 Configuration Preventive
    Configure "Configure Watson events" to organizational standards. CC ID 15414 Configuration Preventive
    Configure "Allow Clipboard synchronization across devices" to organizational standards. CC ID 15412 Configuration Preventive
    Configure "Prevent users from modifying settings" to organizational standards. CC ID 15411 Configuration Preventive
    Configure "Prevent users from sharing files within their profile" to organizational standards. CC ID 15408 Configuration Preventive
    Configure "Manage preview builds" to organizational standards. CC ID 15405 Configuration Preventive
    Configure "Turn off Help Experience Improvement Program" to organizational standards. CC ID 15403 Configuration Preventive
    Configure "Sign-in and lock last interactive user automatically after a restart" to organizational standards. CC ID 15402 Configuration Preventive
    Configure "Hardened UNC Paths" to organizational standards. CC ID 15400 Configuration Preventive
    Configure "Turn off all Windows spotlight features" to organizational standards. CC ID 15397 Configuration Preventive
    Configure "Allow Message Service Cloud Sync" to organizational standards. CC ID 15396 Configuration Preventive
    Configure "Configure local setting override for reporting to Microsoft MAPS" to organizational standards. CC ID 15394 Configuration Preventive
    Configure "Configure Windows spotlight on lock screen" to organizational standards. CC ID 15391 Configuration Preventive
    Configure "Do not suggest third-party content in Windows spotlight" to organizational standards. CC ID 15389 Configuration Preventive
    Configure "Enable Font Providers" to organizational standards. CC ID 15388 Configuration Preventive
    Configure "Disallow copying of user input methods to the system account for sign-in" to organizational standards. CC ID 15386 Configuration Preventive
    Configure "Do not display network selection UI" to organizational standards. CC ID 15381 Configuration Preventive
    Configure "Turn off KMS Client Online AVS Validation" to organizational standards. CC ID 15380 Configuration Preventive
    Configure "Allow Telemetry" to organizational standards. CC ID 15378 Configuration Preventive
    Configure "Allow users to enable online speech recognition services" to organizational standards. CC ID 15377 Configuration Preventive
    Configure "Prevent enabling lock screen camera" to organizational standards. CC ID 15373 Configuration Preventive
    Configure "Continue experiences on this device" to organizational standards. CC ID 15372 Configuration Preventive
    Configure "Prevent the usage of OneDrive for file storage" to organizational standards. CC ID 15369 Configuration Preventive
    Configure "Do not use diagnostic data for tailored experiences" to organizational standards. CC ID 15367 Configuration Preventive
    Configure "Network access: Restrict clients allowed to make remote calls to SAM" to organizational standards. CC ID 15365 Configuration Preventive
    Configure "Turn off Microsoft consumer experiences" to organizational standards. CC ID 15363 Configuration Preventive
    Configure "Allow Use of Camera" to organizational standards. CC ID 15362 Configuration Preventive
    Configure "Allow Online Tips" to organizational standards. CC ID 15360 Configuration Preventive
    Configure "Turn off cloud optimized content" to organizational standards. CC ID 15357 Configuration Preventive
    Configure "Apply UAC restrictions to local accounts on network logons" to organizational standards. CC ID 15356 Configuration Preventive
    Configure "Toggle user control over Insider builds" to organizational standards. CC ID 15354 Configuration Preventive
    Configure "Allow network connectivity during connected-standby (plugged in)" to organizational standards. CC ID 15353 Configuration Preventive
    Configure "Do not show feedback notifications" to organizational standards. CC ID 15350 Configuration Preventive
    Configure "Prevent enabling lock screen slide show" to organizational standards. CC ID 15349 Configuration Preventive
    Configure "Turn off the advertising ID" to organizational standards. CC ID 15348 Configuration Preventive
    Configure "Allow Windows Ink Workspace" to organizational standards. CC ID 15346 Configuration Preventive
    Configure "Allow a Windows app to share application data between users" to organizational standards. CC ID 15345 Configuration Preventive
    Configure "Turn off handwriting personalization data sharing" to organizational standards. CC ID 15339 Configuration Preventive
    Configure the "Devices: Prevent users from installing printer drivers" to organizational standards. CC ID 07600 Configuration Preventive
    Configure the "Log on as a service" to organizational standards. CC ID 07609 Configuration Preventive
    Configure "Restore files and directories" to organizational standards. CC ID 07610 Configuration Preventive
    Configure the "Back up files and directories" to organizational standards. CC ID 07629 Configuration Preventive
    Configure the "Change the system time" to organizational standards. CC ID 07633 Configuration Preventive
    Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" to organizational standards. CC ID 07635 Configuration Preventive
    Configure the "Perform volume maintenance tasks" to organizational standards. CC ID 07653 Configuration Preventive
    Configure the "Create global objects" to organizational standards. CC ID 07659 Configuration Preventive
    Configure the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" to organizational standards. CC ID 07660 Configuration Preventive
    Configure the "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07671 Configuration Preventive
    Configure the "Network access: Named Pipes that can be accessed anonymously" to organizational standards. CC ID 07676 Configuration Preventive
    Configure the "Change the time zone" to organizational standards. CC ID 07677 Configuration Preventive
    Configure the "Adjust memory quotas for a process" to organizational standards. CC ID 07685 Configuration Preventive
    Configure the "Add workstations to domain" to organizational standards. CC ID 07689 Configuration Preventive
    Configure the "Take ownership of files or other objects" to organizational standards. CC ID 07691 Configuration Preventive
    Configure the "Access this computer from the network" to organizational standards. CC ID 07706 Configuration Preventive
    Configure the "MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)" to organizational standards. CC ID 07710 Configuration Preventive
    Configure the "Shutdown: Allow system to be shut down without having to log on" to organizational standards. CC ID 07717 Configuration Preventive
    Configure the "System objects: Require case insensitivity for non-Windows subsystems" to organizational standards. CC ID 07718 Configuration Preventive
    Configure the "Domain controller: Allow server operators to schedule tasks" to organizational standards. CC ID 07722 Configuration Preventive
    Configure the "Debug programs" to organizational standards. CC ID 07729 Configuration Preventive
    Configure the "Increase scheduling priority" to organizational standards. CC ID 07739 Configuration Preventive
    Configure the "Load and unload device drivers" to organizational standards. CC ID 07745 Configuration Preventive
    Configure the "Modify an object label" to organizational standards. CC ID 07755 Configuration Preventive
    Configure the "Deny log on as a service" to organizational standards. CC ID 07762 Configuration Preventive
    Configure the "Recovery console: Allow automatic administrative logon" to organizational standards. CC ID 07770 Configuration Preventive
    Configure the "Create a token object" to organizational standards. CC ID 07774 Configuration Preventive
    Configure the "Create symbolic links" to organizational standards. CC ID 07778 Configuration Preventive
    Configure the "Deny access to this computer from the network" to organizational standards. CC ID 07779 Configuration Preventive
    Configure the "Deny log on locally" to organizational standards. CC ID 07781 Configuration Preventive
    Configure the "Manage auditing and security log" to organizational standards. CC ID 07783 Configuration Preventive
    Configure the "Lock pages in memory" to organizational standards. CC ID 07784 Configuration Preventive
    Configure the "Shutdown: Clear virtual memory pagefile" to organizational standards. CC ID 07787 Configuration Preventive
    Configure the "Increase a process working set" to organizational standards. CC ID 07788 Configuration Preventive
    Configure the "Generate security audits" to organizational standards. CC ID 07796 Configuration Preventive
    Configure the "Remove computer from docking station" to organizational standards. CC ID 07802 Configuration Preventive
    Configure the "System settings: Optional subsystems" to organizational standards. CC ID 07804 Configuration Preventive
    Configure the "Shut down the system" to organizational standards. CC ID 07808 Configuration Preventive
    Configure the "Bypass traverse checking" to organizational standards. CC ID 07809 Configuration Preventive
    Configure the "Always install with elevated privileges" to organizational standards. CC ID 07811 Configuration Preventive
    Configure the "Allow log on through Remote Desktop Services" to organizational standards. CC ID 07813 Configuration Preventive
    Configure the "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to organizational standards. CC ID 07814 Configuration Preventive
    Configure the "Create permanent shared objects" to organizational standards. CC ID 07818 Configuration Preventive
    Configure the "Devices: Allow undock without having to log on" to organizational standards. CC ID 07821 Configuration Preventive
    Configure the "Devices: Restrict floppy access to locally logged-on user only" to organizational standards. CC ID 07823 Configuration Preventive
    Configure the "Log on as a batch job" to organizational standards. CC ID 07838 Configuration Preventive
    Configure the "MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 07841 Configuration Preventive
    Configure the "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07842 Configuration Preventive
    Configure the "Replace a process level token" to organizational standards. CC ID 07845 Configuration Preventive
    Configure the "Modify firmware environment values" to organizational standards. CC ID 07847 Configuration Preventive
    Configure the "Deny log on through Remote Desktop Services" to organizational standards. CC ID 07854 Configuration Preventive
    Configure the "Devices: Allowed to format and eject removable media" to organizational standards. CC ID 07862 Configuration Preventive
    Configure the "Profile single process" to organizational standards. CC ID 07866 Configuration Preventive
    Configure the "Turn off Autoplay" to organizational standards. CC ID 07867 Configuration Preventive
    Configure the "Devices: Restrict CD-ROM access to locally logged-on user only" to organizational standards. CC ID 07871 Configuration Preventive
    Configure the "Deny log on as a batch job" to organizational standards. CC ID 07876 Configuration Preventive
    Configure the "Create a pagefile" to organizational standards. CC ID 07878 Configuration Preventive
    Configure the "Profile system performance" to organizational standards. CC ID 07879 Configuration Preventive
    Configure the "Impersonate a client after authentication" to organizational standards. CC ID 07882 Configuration Preventive
    Configure the "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" to organizational standards. CC ID 07886 Configuration Preventive
    Configure the "Force shutdown from a remote system" to organizational standards. CC ID 07889 Configuration Preventive
    Configure the "Act as part of the operating system" to organizational standards. CC ID 07891 Configuration Preventive
    Configure the "Allow log on locally" to organizational standards. CC ID 07894 Configuration Preventive
    Configure the "Synchronize directory service data" to organizational standards. CC ID 07897 Configuration Preventive
    Configure the "Access Credential Manager as a trusted caller" to organizational standards. CC ID 07898 Configuration Preventive
    Configure the "Enable computer and user accounts to be trusted for delegation" to organizational standards. CC ID 07900 Configuration Preventive
    Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" to organizational standards. CC ID 07901 Configuration Preventive
    Configure the "Software channel permissions" to organizational standards. CC ID 07910 Configuration Preventive
    Configure the "Allow drag and drop or copy and paste files" to organizational standards. CC ID 07915 Configuration Preventive
    Configure the "Disable Per-User Installation of ActiveX Controls" to organizational standards. CC ID 07918 Configuration Preventive
    Configure the "Download signed ActiveX controls" to organizational standards. CC ID 07921 Configuration Preventive
    Configure the "Disable "Configuring History"" to organizational standards. CC ID 07922 Configuration Preventive
    Configure the "Turn off ActiveX opt-in prompt" to organizational standards. CC ID 07928 Configuration Preventive
    Configure the "Allow installation of desktop items" to organizational standards. CC ID 07931 Configuration Preventive
    Configure the "Only allow approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 07936 Configuration Preventive
    Configure the "Initialize and script ActiveX controls not marked as safe" to organizational standards. CC ID 07945 Configuration Preventive
    Configure the "Allow file downloads" to organizational standards. CC ID 07960 Configuration Preventive
    Configure the "Turn off the Security Settings Check feature" to organizational standards. CC ID 07979 Configuration Preventive
    Configure the "Disable the Advanced page" to organizational standards. CC ID 07981 Configuration Preventive
    Configure the "Intranet Sites: Include all network paths (UNCs)" to organizational standards. CC ID 07986 Configuration Preventive
    Configure the "Disable changing Automatic Configuration settings" to organizational standards. CC ID 07992 Configuration Preventive
    Configure the "Turn off "Delete Browsing History" functionality" to organizational standards. CC ID 07993 Configuration Preventive
    Configure the "Allow META REFRESH" to organizational standards. CC ID 07998 Configuration Preventive
    Configure the "Prevent Deleting Temporary Internet Files" to organizational standards. CC ID 08000 Configuration Preventive
    Configure the "Security Zones: Do not allow users to change policies" to organizational standards. CC ID 08001 Configuration Preventive
    Configure the "Only use the ActiveX Installer Service for installation of ActiveX Controls" to organizational standards. CC ID 08003 Configuration Preventive
    Configure the "Prevent "Fix settings" functionality" to organizational standards. CC ID 08010 Configuration Preventive
    Configure the "XAML browser applications" to organizational standards. CC ID 08011 Configuration Preventive
    Configure the "Run .NET Framework-reliant components signed with Authenticode" to organizational standards CC ID 08014 Configuration Preventive
    Configure the "Access data sources across domains" to organizational standards. CC ID 08018 Configuration Preventive
    Configure the "Allow script-initiated windows without size or position constraints" to organizational standards. CC ID 08020 Configuration Preventive
    Configure the "Disable Save this program to disk option" to organizational standards. CC ID 08021 Configuration Preventive
    Configure the "Security Zones: Do not allow users to add/delete sites" to organizational standards. CC ID 08061 Configuration Preventive
    Configure the "Script ActiveX controls marked safe for scripting" to organizational standards. CC ID 08067 Configuration Preventive
    Configure the "Prevent Deleting Cookies" to organizational standards. CC ID 08069 Configuration Preventive
    Configure the "Allow binary and script behaviors" to organizational standards. CC ID 08070 Configuration Preventive
    Configure the "Launching applications and files in an IFRAME" to organizational standards. CC ID 08078 Configuration Preventive
    Configure the "Allow status bar updates via script" to organizational standards. CC ID 08081 Configuration Preventive
    Configure the "Turn off Crash Detection" to organizational standards. CC ID 08085 Configuration Preventive
    Configure the "Security Zones: Use only machine settings" to organizational standards. CC ID 08088 Configuration Preventive
    Configure the "Web sites in less privileged Web content zones can navigate into this zone" to organizational standards. CC ID 08089 Configuration Preventive
    Configure the "Disable the Security page" to organizational standards. CC ID 08090 Configuration Preventive
    Configure the "Automatically check for Internet Explorer updates" to organizational standards. CC ID 08094 Configuration Preventive
    Configure the "Navigate windows and frames across different domains" to organizational standards. CC ID 08107 Configuration Preventive
    Configure the "Allow active scripting" setting to organizational standards. CC ID 08115 Configuration Preventive
    Configure the "Allow font downloads" to organizational standards. CC ID 08116 Configuration Preventive
    Configure the "Disable changing proxy settings" to organizational standards. CC ID 08126 Configuration Preventive
    Configure the "Disable changing connection settings" to organizational standards. CC ID 08129 Configuration Preventive
    Configure the "Run .NET Framework-reliant components not signed with Authenticode" to organizational standards CC ID 08130 Configuration Preventive
    Configure the "Turn off printing over HTTP" to organizational standards. CC ID 08162 Configuration Preventive
    Configure the "Registry policy processing" to organizational standards. CC ID 08169 Configuration Preventive
    Configure the "Disable remote Desktop Sharing" to organizational standards. CC ID 08186 Configuration Preventive
    Configure the "Report operating system errors" to organizational standards. CC ID 08187 Configuration Preventive
    Configure the "Enumerate administrator accounts on elevation" to organizational standards. CC ID 08190 Configuration Preventive
    Configure the "Turn off Windows Update device driver searching" to organizational standards. CC ID 08193 Configuration Preventive
    Configure the "Do not allow drive redirection" to organizational standards. CC ID 08199 Configuration Preventive
    Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" to organizational standards. CC ID 08204 Configuration Preventive
    Configure the "Turn off downloading of print drivers over HTTP" to organizational standards. CC ID 08218 Configuration Preventive
    Configure the "Do not process the run once list" to organizational standards. CC ID 08219 Configuration Preventive
    Configure the "Deny log on through Terminal Services" to organizational standards. CC ID 08220 Configuration Preventive
    Configure the "Offer Remote Assistance" to organizational standards. CC ID 08222 Configuration Preventive
    Configure the "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" to organizational standards. CC ID 08228 Configuration Preventive
    Configure the "Allow users to connect remotely using Remote Desktop Services" to organizational standards. CC ID 08234 Configuration Preventive
    Configure the "MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 08247 Configuration Preventive
    Configure the "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" to organizational standards. CC ID 08253 Configuration Preventive
    Configure the "Solicited Remote Assistance" to organizational standards. CC ID 08265 Configuration Preventive
    Configure "Turn off the "Publish to Web" task for files and folders" to organizational standards. CC ID 08285 Configuration Preventive
    Configure the "Do not allow Windows Messenger to be run" to organizational standards. CC ID 08288 Configuration Preventive
    Configure the "Allow log on through Terminal Services" to organizational standards. CC ID 08291 Configuration Preventive
    Configure the "Require trusted path for credential entry." to organizational standards CC ID 08293 Configuration Preventive
    Configure the "Turn off Search Companion content file updates" to organizational standards. CC ID 08302 Configuration Preventive
    Configure the "Prevent access to registry editing tools" to organizational standards. CC ID 08331 Configuration Preventive
    Configure the "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08347 Configuration Preventive
    Configure the "Turn on SmartScreen Filter scan" to organizational standards. CC ID 08357 Configuration Preventive
    Configure the "Disallow WinRM from storing RunAs credentials" to organizational standards. CC ID 08362 Configuration Preventive
    Configure the "Turn off URL Suggestions" to organizational standards. CC ID 08372 Configuration Preventive
    Configure the "Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08385 Configuration Preventive
    Configure the "Prevent access to Delete Browsing History" to organizational standards. CC ID 08387 Configuration Preventive
    Configure the "Turn off InPrivate Browsing" to organizational standards. CC ID 08421 Configuration Preventive
    Configure the "Turn off Windows Location Provider" to organizational standards. CC ID 08427 Configuration Preventive
    Configure the "Turn on Suggested Sites" to organizational standards. CC ID 08434 Configuration Preventive
    Configure the "Turn off access to the Store" to organizational standards. CC ID 08436 Configuration Preventive
    Configure the "Point and Print Restrictions" to organizational standards. CC ID 08441 Configuration Preventive
    Configure the "Prevent changing proxy settings" to organizational standards. CC ID 08447 Configuration Preventive
    Configure the "Allow deleting browsing history on exit" to organizational standards. CC ID 08456 Configuration Preventive
    Configure the "Allow scripting of Internet Explorer WebBrowser controls" to organizational standards. CC ID 08464 Configuration Preventive
    Configure the "Turn off Managing SmartScreen Filter for Internet Explorer 9" to organizational standards. CC ID 08472 Configuration Preventive
    Configure the "Check Administrator Group Membership" to organizational standards. CC ID 08473 Configuration Preventive
    Configure the "Check if AppLocker is Enabled" to organizational standards. CC ID 08475 Configuration Preventive
    Configure the "Prevent the computer from joining a homegroup" to organizational standards. CC ID 08486 Configuration Preventive
    Configure the "Disable Browser Geolocation" to organizational standards. CC ID 08491 Configuration Preventive
    Configure the "Allow Remote Shell Access" to organizational standards. CC ID 08496 Configuration Preventive
    Configure the "Turn Off the Display (Plugged In)" to organizational standards. CC ID 08502 Configuration Preventive
    Configure the "Do not enumerate connected users on domain-joined computers" to organizational standards. CC ID 08507 Configuration Preventive
    Configure the "Enable dragging of content from different domains across windows" to organizational standards. CC ID 08517 Configuration Preventive
    Configure the "Turn off first-run prompt" to organizational standards. CC ID 08521 Configuration Preventive
    Configure the "Allow Scriptlets" to organizational standards. CC ID 08523 Configuration Preventive
    Configure the "Turn on ActiveX Filtering" to organizational standards. CC ID 08524 Configuration Preventive
    Configure the "Userdata persistence" to organizational standards. CC ID 08533 Configuration Preventive
    Configure the "Enable dragging of content from different domains within a window" to organizational standards. CC ID 08535 Configuration Preventive
    Configure the "Turn off app notifications on the lock screen" to organizational standards. CC ID 08536 Configuration Preventive
    Configure the "Allow updates to status bar via script" to organizational standards. CC ID 08540 Configuration Preventive
    Configure the "Enumerate local users on domain-joined computers" to organizational standards. CC ID 08546 Configuration Preventive
    Configure the "Prevent deleting websites that the user has visited" to organizational standards. CC ID 08547 Configuration Preventive
    Configure the "Install new versions of Internet Explorer automatically" to organizational standards. CC ID 08551 Configuration Preventive
    Configure the "Make proxy settings per-machine (rather than per-user)" to organizational standards. CC ID 08553 Configuration Preventive
    Configure the "Disable external branding of Internet Explorer" to organizational standards. CC ID 08555 Configuration Preventive
    Configure the "Include local path when user is uploading files to a server" to organizational standards. CC ID 08557 Configuration Preventive
    Configure the "Configure Solicited Remote Assistance" to organizational standards. CC ID 08561 Configuration Preventive
    Configure the "Allow loading of XAML files" to organizational standards. CC ID 08562 Configuration Preventive
    Configure the "Do not display the password reveal button" to organizational standards. CC ID 08567 Configuration Preventive
    Configure the "Prevent running First Run wizard" to organizational standards. CC ID 08572 Configuration Preventive
    Configure the "Turn off location" to organizational standards. CC ID 08575 Configuration Preventive
    Configure the "Turn on Enhanced Protected Mode" to organizational standards. CC ID 08577 Configuration Preventive
    Configure the "Turn off browser geolocation" to organizational standards. CC ID 08580 Configuration Preventive
    Configure the "Do not display the reveal password button" to organizational standards. CC ID 08583 Configuration Preventive
    Configure the "Include updated website lists from Microsoft" to organizational standards. CC ID 08593 Configuration Preventive
    Configure the "Turn off Event Viewer "Events.asp" links" to organizational standards. CC ID 08604 Configuration Preventive
    Configure the "Configure Offer Remote Assistance" to organizational standards. CC ID 08605 Configuration Preventive
    Configure the "Prevent specifying the update check interval (in days)" to organizational standards. CC ID 08608 Configuration Preventive
    Configure the "Turn Off the Display (On Battery)" to organizational standards. CC ID 08609 Configuration Preventive
    Configure the "Prevent participation in the Customer Experience Improvement Program" to organizational standards. CC ID 08611 Configuration Preventive
    Configure the "Add a specific list of search providers to the user's search provider list" setting to organizational standards. CC ID 10420 Configuration Preventive
    Configure the "Admin-approved behaviors" setting to organizational standards. CC ID 10421 Configuration Preventive
    Configure the "Allow the display of image download placeholders" setting to organizational standards. CC ID 10422 Configuration Preventive
    Configure the "Allow the printing of background colors and images" setting to organizational standards. CC ID 10423 Configuration Preventive
    Configure the "Audio/Video Player" setting to organizational standards. CC ID 10424 Configuration Preventive
    Configure the "Auto-hide the Toolbars" setting to organizational standards. CC ID 10425 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: All Processes" setting to organizational standards. CC ID 10426 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: Internet Explorer Processes" setting to organizational standards. CC ID 10427 Configuration Preventive
    Configure the "Binary Behavior Security Restriction: Process List" setting to organizational standards. CC ID 10428 Configuration Preventive
    Configure the "Carpoint" setting to organizational standards. CC ID 10429 Configuration Preventive
    Configure the "Configure new tab page default behavior" setting to organizational standards. CC ID 10430 Configuration Preventive
    Configure the "Customize Command Labels" setting to organizational standards. CC ID 10431 Configuration Preventive
    Configure the "Customize User Agent String" setting to organizational standards. CC ID 10432 Configuration Preventive
    Configure the "Deploy default Accelerators" setting to organizational standards. CC ID 10433 Configuration Preventive
    Configure the "Deploy non-default Accelerators" setting to organizational standards. CC ID 10434 Configuration Preventive
    Configure the "DHTML Edit Control" setting to organizational standards. CC ID 10435 Configuration Preventive
    Configure the "Disable caching of Auto-Proxy scripts" setting to organizational standards. CC ID 10436 Configuration Preventive
    Configure the "Disable changing accessibility settings" setting to organizational standards. CC ID 10437 Configuration Preventive
    Configure the "Disable changing Calendar and Contact settings" setting to organizational standards. CC ID 10438 Configuration Preventive
    Configure the "Disable changing color settings" setting to organizational standards. CC ID 10439 Configuration Preventive
    Configure the "Disable changing default browser check" setting to organizational standards. CC ID 10440 Configuration Preventive
    Configure the "Disable changing font settings" setting to organizational standards. CC ID 10441 Configuration Preventive
    Configure the "Disable changing home page settings" setting to organizational standards. CC ID 10442 Configuration Preventive
    Configure the "Disable changing language settings" setting to organizational standards. CC ID 10443 Configuration Preventive
    Configure the "Disable changing link color settings" setting to organizational standards. CC ID 10444 Configuration Preventive
    Configure the "Disable changing Messaging settings" setting to organizational standards. CC ID 10445 Configuration Preventive
    Configure the "Disable changing ratings settings" setting to organizational standards. CC ID 10446 Configuration Preventive
    Configure the "Disable changing secondary home page settings" setting to organizational standards. CC ID 10447 Configuration Preventive
    Configure the "Disable changing Temporary Internet files settings" setting to organizational standards. CC ID 10448 Configuration Preventive
    Configure the "Disable Context menu" setting to organizational standards. CC ID 10449 Configuration Preventive
    Configure the "Disable customizing browser toolbar buttons" setting to organizational standards. CC ID 10450 Configuration Preventive
    Configure the "Disable customizing browser toolbars" setting to organizational standards. CC ID 10451 Configuration Preventive
    Configure the "Disable Import/Export Settings wizard" setting to organizational standards. CC ID 10452 Configuration Preventive
    Configure the "Disable Open in New Window menu option" setting to organizational standards. CC ID 10453 Configuration Preventive
    Configure the "Disable the Connections page" setting to organizational standards. CC ID 10454 Configuration Preventive
    Configure the "Disable the Content page" setting to organizational standards. CC ID 10455 Configuration Preventive
    Configure the "Disable the General page" setting to organizational standards. CC ID 10456 Configuration Preventive
    Configure the "Disable the Programs page" setting to organizational standards. CC ID 10457 Configuration Preventive
    Configure the "Disable toolbars and extensions when InPrivate Browsing starts" setting to organizational standards. CC ID 10458 Configuration Preventive
    Configure the "Display error message on proxy script download failure" setting to organizational standards. CC ID 10459 Configuration Preventive
    Configure the "Do not collect InPrivate Filtering data" setting to organizational standards. CC ID 10460 Configuration Preventive
    Configure the "Do not save encrypted pages to disk" setting to organizational standards. CC ID 10461 Configuration Preventive
    Configure the "Empty Temporary Internet Files folder when browser is closed" setting to organizational standards. CC ID 10462 Configuration Preventive
    Configure the "Enforce Full Screen Mode" setting to organizational standards. CC ID 10463 Configuration Preventive
    Configure the "File menu: Disable closing the browser and Explorer windows" setting to organizational standards. CC ID 10464 Configuration Preventive
    Configure the "File menu: Disable New menu option" setting to organizational standards. CC ID 10465 Configuration Preventive
    Configure the "File menu: Disable Open menu option" setting to organizational standards. CC ID 10466 Configuration Preventive
    Configure the "File menu: Disable Save As Web Page Complete" setting to organizational standards. CC ID 10467 Configuration Preventive
    Configure the "File menu: Disable Save As.. menu option" setting to organizational standards. CC ID 10468 Configuration Preventive
    Configure the "File size limits for Internet zone" setting to organizational standards. CC ID 10469 Configuration Preventive
    Configure the "File size limits for Intranet zone" setting to organizational standards. CC ID 10470 Configuration Preventive
    Configure the "File size limits for Local Machine zone" setting to organizational standards. CC ID 10471 Configuration Preventive
    Configure the "File size limits for Restricted Sites zone" setting to organizational standards. CC ID 10472 Configuration Preventive
    Configure the "File size limits for Trusted Sites zone" setting to organizational standards. CC ID 10473 Configuration Preventive
    Configure the "Help menu: Remove 'Send Feedback' menu option" setting to organizational standards. CC ID 10474 Configuration Preventive
    Configure the "Help menu: Remove 'Tour' menu option" setting to organizational standards. CC ID 10475 Configuration Preventive
    Configure the "Hide Favorites menu" setting to organizational standards. CC ID 10476 Configuration Preventive
    Configure the "Hide the Command Bar" setting to organizational standards. CC ID 10477 Configuration Preventive
    Configure the "Hide the Status Bar" setting to organizational standards. CC ID 10478 Configuration Preventive
    Configure the "InPrivate Filtering Threshold" setting to organizational standards. CC ID 10479 Configuration Preventive
    Configure the "Internet Zone Restricted Protocols" setting to organizational standards. CC ID 10480 Configuration Preventive
    Configure the "Internet Zone Template" setting to organizational standards. CC ID 10481 Configuration Preventive
    Configure the "Intranet Sites: Include all local (intranet) sites not listed in other zones" setting to organizational standards. CC ID 10482 Configuration Preventive
    Configure the "Intranet Sites: Include all sites that bypass the proxy server" setting to organizational standards. CC ID 10483 Configuration Preventive
    Configure the "Intranet Zone Restricted Protocols" setting to organizational standards. CC ID 10484 Configuration Preventive
    Configure the "Intranet Zone Template" setting to organizational standards. CC ID 10485 Configuration Preventive
    Configure the "Investor" setting to organizational standards. CC ID 10486 Configuration Preventive
    Configure the "Local Machine Zone Restricted Protocols" setting to organizational standards. CC ID 10487 Configuration Preventive
    Configure the "Local Machine Zone Template" setting to organizational standards. CC ID 10488 Configuration Preventive
    Configure the "Lock all Toolbars" setting to organizational standards. CC ID 10489 Configuration Preventive
    Configure the "Locked-Down Internet Zone Template" setting to organizational standards. CC ID 10490 Configuration Preventive
    Configure the "Locked-Down Intranet Zone Template" setting to organizational standards. CC ID 10491 Configuration Preventive
    Configure the "Locked-Down Local Machine Zone Template" setting to organizational standards. CC ID 10492 Configuration Preventive
    Configure the "Locked-Down Restricted Sites Zone Template" setting to organizational standards. CC ID 10493 Configuration Preventive
    Configure the "Locked-Down Trusted Sites Zone Template" setting to organizational standards. CC ID 10494 Configuration Preventive
    Configure the "Maximum number of connections per server (HTTP 1.0)" setting to organizational standards. CC ID 10495 Configuration Preventive
    Configure the "Maximum number of connections per server (HTTP 1.1)" setting to organizational standards. CC ID 10496 Configuration Preventive
    Configure the "Menu Controls" setting to organizational standards. CC ID 10497 Configuration Preventive
    Configure the "Microsoft Agent" setting to organizational standards. CC ID 10498 Configuration Preventive
    Configure the "Microsoft Chat" setting to organizational standards. CC ID 10499 Configuration Preventive
    Configure the "Microsoft Scriptlet Component" setting to organizational standards. CC ID 10500 Configuration Preventive
    Configure the "Microsoft Survey Control" setting to organizational standards. CC ID 10501 Configuration Preventive
    Configure the "Moving the menu bar above the navigation bar" setting to organizational standards. CC ID 10502 Configuration Preventive
    Configure the "MSNBC" setting to organizational standards. CC ID 10503 Configuration Preventive
    Configure the "NetShow File Transfer Control" setting to organizational standards. CC ID 10504 Configuration Preventive
    Configure the "Network Protocol Lockdown: All Processes" setting to organizational standards. CC ID 10505 Configuration Preventive
    Configure the "Network Protocol Lockdown: Internet Explorer Processes" setting to organizational standards. CC ID 10506 Configuration Preventive
    Configure the "Network Protocol Lockdown: Process List" setting to organizational standards. CC ID 10507 Configuration Preventive
    Configure the "Play animations in web pages" setting to organizational standards. CC ID 10508 Configuration Preventive
    Configure the "Play sounds in web pages" setting to organizational standards. CC ID 10509 Configuration Preventive
    Configure the "Pop-up allow list" setting to organizational standards. CC ID 10510 Configuration Preventive
    Configure the "Prevent configuration of search from the Address bar" setting to organizational standards. CC ID 10511 Configuration Preventive
    Configure the "Prevent Deleting Favorites Site Data" setting to organizational standards. CC ID 10512 Configuration Preventive
    Configure the "Prevent Deleting Form Data" setting to organizational standards. CC ID 10513 Configuration Preventive
    Configure the "Prevent Deleting InPrivate Filtering data" setting to organizational standards. CC ID 10514 Configuration Preventive
    Configure the "Prevent Deleting Passwords" setting to organizational standards. CC ID 10515 Configuration Preventive
    Configure the "Prevent Internet Explorer Search box from displaying" setting to organizational standards. CC ID 10516 Configuration Preventive
    Configure the "Prevent setting of the code download path for each machine" setting to organizational standards. CC ID 10517 Configuration Preventive
    Configure the "Prevent the configuration of cipher strength update information URLs" setting to organizational standards. CC ID 10518 Configuration Preventive
    Configure the "Prevent the use of Windows colors" setting to organizational standards. CC ID 10519 Configuration Preventive
    Configure the "Prevent users from choosing default text size" setting to organizational standards. CC ID 10520 Configuration Preventive
    Configure the "Prevent users from configuring background color" setting to organizational standards. CC ID 10521 Configuration Preventive
    Configure the "Prevent users from configuring text color" setting to organizational standards. CC ID 10522 Configuration Preventive
    Configure the "Prevent users from configuring the color of links that have already been clicked" setting to organizational standards. CC ID 10523 Configuration Preventive
    Configure the "Prevent users from configuring the color of links that have not yet been clicked" setting to organizational standards. CC ID 10524 Configuration Preventive
    Configure the "Prevent users from configuring the hover color" setting to organizational standards. CC ID 10525 Configuration Preventive
    Configure the "Restrict changing the default search provider" setting to organizational standards. CC ID 10526 Configuration Preventive
    Configure the "Restrict search providers to a specific list of providers" setting to organizational standards. CC ID 10527 Configuration Preventive
    Configure the "Restricted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10528 Configuration Preventive
    Configure the "Restricted Sites Zone Template" setting to organizational standards. CC ID 10529 Configuration Preventive
    Configure the "Send internationalized domain names" setting to organizational standards. CC ID 10530 Configuration Preventive
    Configure the "Set location of Stop and Refresh buttons" setting to organizational standards. CC ID 10531 Configuration Preventive
    Configure the "Set tab process growth" setting to organizational standards. CC ID 10532 Configuration Preventive
    Configure the "Flash" setting to organizational standards. CC ID 10533 Configuration Preventive
    Configure the "Tools menu: Disable Internet Options.. menu option" setting to organizational standards. CC ID 10534 Configuration Preventive
    Configure the "Trusted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10535 Configuration Preventive
    Configure the "Trusted Sites Zone Template" setting to organizational standards. CC ID 10536 Configuration Preventive
    Configure the "Turn off Accelerators" setting to organizational standards. CC ID 10537 Configuration Preventive
    Configure the "Turn off Automatic Crash Recovery Prompt" setting to organizational standards. CC ID 10538 Configuration Preventive
    Configure the "Turn off automatic image resizing" setting to organizational standards. CC ID 10539 Configuration Preventive
    Configure the "Turn off ClearType" setting to organizational standards. CC ID 10540 Configuration Preventive
    Configure the "Turn off Compatibility View button" setting to organizational standards. CC ID 10541 Configuration Preventive
    Configure the "Turn off Compatibility View" setting to organizational standards. CC ID 10542 Configuration Preventive
    Configure the "Turn off configuration of default behavior of new tab creation" setting to organizational standards. CC ID 10543 Configuration Preventive
    Configure the "Turn off configuration of tabbed browsing pop-up behavior" setting to organizational standards. CC ID 10544 Configuration Preventive
    Configure the "Turn off configuration of window reuse" setting to organizational standards. CC ID 10545 Configuration Preventive
    Configure the "Turn off configuring underline links" setting to organizational standards. CC ID 10546 Configuration Preventive
    Configure the "Turn off Cross Document Messaging" setting to organizational standards. CC ID 10547 Configuration Preventive
    Configure the "Turn off Data URI Support" setting to organizational standards. CC ID 10548 Configuration Preventive
    Configure the "Turn off Developer Tools" setting to organizational standards. CC ID 10549 Configuration Preventive
    Configure the "Turn off displaying the Internet Explorer Help Menu" setting to organizational standards. CC ID 10550 Configuration Preventive
    Configure the "Turn off Favorites bar" setting to organizational standards. CC ID 10551 Configuration Preventive
    Configure the "Turn off friendly http error messages" setting to organizational standards. CC ID 10552 Configuration Preventive
    Configure the "Turn off InPrivate Filtering" setting to organizational standards. CC ID 10553 Configuration Preventive
    Configure the "Turn off Managing Pop-up Allow list" setting to organizational standards. CC ID 10554 Configuration Preventive
    Configure the "Turn off managing Pop-up filter level" setting to organizational standards. CC ID 10555 Configuration Preventive
    Configure the "Turn off page zooming functionality" setting to organizational standards. CC ID 10556 Configuration Preventive
    Configure the "Turn off picture display" setting to organizational standards. CC ID 10557 Configuration Preventive
    Configure the "Turn off pop-up management" setting to organizational standards. CC ID 10558 Configuration Preventive
    Configure the "Turn off Print Menu" setting to organizational standards. CC ID 10559 Configuration Preventive
    Configure the "Turn off Quick Tabs functionality" setting to organizational standards. CC ID 10560 Configuration Preventive
    Configure the "Turn off Reopen Last Browsing Session" setting to organizational standards. CC ID 10561 Configuration Preventive
    Configure the "Turn off sending URLs as UTF-8 (requires restart)" setting to organizational standards. CC ID 10562 Configuration Preventive
    Configure the "Turn off smart image dithering" setting to organizational standards. CC ID 10563 Configuration Preventive
    Configure the "Turn off smooth scrolling" setting to organizational standards. CC ID 10564 Configuration Preventive
    Configure the "Turn off suggestions for all user-installed providers" setting to organizational standards. CC ID 10565 Configuration Preventive
    Configure the "Turn off Tab Grouping" setting to organizational standards. CC ID 10566 Configuration Preventive
    Configure the "Turn off tabbed browsing" setting to organizational standards. CC ID 10567 Configuration Preventive
    Configure the "Turn off the activation of the quick pick menu" setting to organizational standards. CC ID 10568 Configuration Preventive
    Configure the "Turn off the auto-complete feature for web addresses" setting to organizational standards. CC ID 10569 Configuration Preventive
    Configure the "Turn off the XDomainRequest Object" setting to organizational standards. CC ID 10570 Configuration Preventive
    Configure the "Turn off toolbar upgrade tool" setting to organizational standards. CC ID 10571 Configuration Preventive
    Configure the "Turn off Windows Search AutoComplete" setting to organizational standards. CC ID 10572 Configuration Preventive
    Configure the "Turn on automatic detection of the intranet" setting to organizational standards. CC ID 10573 Configuration Preventive
    Configure the "Turn on Automatic Signup" setting to organizational standards. CC ID 10574 Configuration Preventive
    Configure the "Turn on Caret Browsing support" setting to organizational standards. CC ID 10575 Configuration Preventive
    Configure the "Turn on Compatibility Logging" setting to organizational standards. CC ID 10576 Configuration Preventive
    Configure the "Turn on Information bar notification for intranet content" setting to organizational standards. CC ID 10577 Configuration Preventive
    Configure the "Turn on inline AutoComplete for Web addresses" setting to organizational standards. CC ID 10578 Configuration Preventive
    Configure the "Turn on Internet Explorer 7 Standards Mode" setting to organizational standards. CC ID 10579 Configuration Preventive
    Configure the "Turn on Internet Explorer Standards Mode for Local Intranet" setting to organizational standards. CC ID 10580 Configuration Preventive
    Configure the "Turn on menu bar by default" setting to organizational standards. CC ID 10581 Configuration Preventive
    Configure the "Turn on the display of a notification about every script error" setting to organizational standards. CC ID 10582 Configuration Preventive
    Configure the "Turn on the hover color option" setting to organizational standards. CC ID 10583 Configuration Preventive
    Configure the "Use Automatic Detection for dial-up connections" setting to organizational standards. CC ID 10584 Configuration Preventive
    Configure the "Use HTTP 1.1 through proxy connections" setting to organizational standards. CC ID 10585 Configuration Preventive
    Configure the "Use HTTP 1.1" setting to organizational standards. CC ID 10586 Configuration Preventive
    Configure the "Use large Icons for Command Buttons" setting to organizational standards. CC ID 10587 Configuration Preventive
    Configure the "Use Policy Accelerators" setting to organizational standards. CC ID 10588 Configuration Preventive
    Configure the "Use Policy List of Internet Explorer 7 sites" setting to organizational standards. CC ID 10589 Configuration Preventive
    Configure the "Use UTF-8 for mailto links" setting to organizational standards. CC ID 10590 Configuration Preventive
    Configure the "View menu: Disable Full Screen menu option" setting to organizational standards. CC ID 10591 Configuration Preventive
    Configure the "View menu: Disable Source menu option" setting to organizational standards. CC ID 10592 Configuration Preventive
    Configure the "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting to organizational standards. CC ID 10607 Configuration Preventive
    Configure the "AutoRun" setting to organizational standards. CC ID 10608 Configuration Preventive
    Implement hardware-based write-protect for system firmware components. CC ID 10659 Technical Security Preventive
    Implement procedures to manually disable hardware-based write-protect to change computer firmware. CC ID 10660 Technical Security Preventive
    Configure the "Disable binding directly to IPropertySetStorage without intermediate layers." setting to organizational standards. CC ID 10861 Configuration Preventive
    Configure the "Disable delete notifications on all volumes" setting to organizational standards. CC ID 10862 Configuration Preventive
    Configure the "Disable IE security prompt for Windows Installer scripts" setting to organizational standards. CC ID 10863 Configuration Preventive
    Configure the "Disable or enable software Secure Attention Sequence" setting to organizational standards. CC ID 10865 Configuration Preventive
    Configure the "Disable text prediction" setting to organizational standards. CC ID 10867 Configuration Preventive
    Configure the "Disable Windows Error Reporting" machine setting should be configured correctly. to organizational standards. CC ID 10868 Configuration Preventive
    Configure the "Disable Windows Installer" setting to organizational standards. CC ID 10869 Configuration Preventive
    Configure the "Display a custom message when installation is prevented by a policy setting" setting to organizational standards. CC ID 10886 Configuration Preventive
    Configure the "Enable/Disable PerfTrack" setting to organizational standards. CC ID 10953 Configuration Preventive
    Configure the "Enforce disk quota limit" setting to organizational standards. CC ID 10956 Configuration Preventive
    Configure the "Limit audio playback quality" setting to organizational standards. CC ID 11006 Configuration Preventive
    Configure the "Limit disk space used by offline files" setting to organizational standards. CC ID 11007 Configuration Preventive
    Configure the "Limit maximum color depth" setting to organizational standards. CC ID 11008 Configuration Preventive
    Configure the "Limit maximum display resolution" setting to organizational standards. CC ID 11009 Configuration Preventive
    Configure the "Limit maximum number of monitors" setting to organizational standards. CC ID 11010 Configuration Preventive
    Configure the "Limit outstanding packets" setting to organizational standards. CC ID 11012 Configuration Preventive
    Configure the "Limit reservable bandwidth" setting to organizational standards. CC ID 11013 Configuration Preventive
    Configure the "Limit the age of files in the BITS Peercache" setting to organizational standards. CC ID 11014 Configuration Preventive
    Configure the "Limit the BITS Peercache size" setting to organizational standards. CC ID 11015 Configuration Preventive
    Configure the "Limit the maximum BITS job download time" setting to organizational standards. CC ID 11016 Configuration Preventive
    Configure the "Limit the maximum number of BITS jobs for each user" setting to organizational standards. CC ID 11018 Configuration Preventive
    Configure the "Limit the maximum number of BITS jobs for this computer" setting to organizational standards. CC ID 11019 Configuration Preventive
    Configure the "Limit the maximum number of ranges that can be added to the file in a BITS job" setting to organizational standards. CC ID 11021 Configuration Preventive
    Configure the "Limit the size of the entire roaming user profile cache" setting to organizational standards. CC ID 11022 Configuration Preventive
    Configure the "Microsoft Support Diagnostic Tool: Restrict tool download" setting to organizational standards. CC ID 11044 Configuration Preventive
    Configure the "Prevent access to 16-bit applications" setting to organizational standards. CC ID 11066 Configuration Preventive
    Configure the "Prevent Automatic Updates" setting to organizational standards. CC ID 11067 Configuration Preventive
    Configure the "Prevent Back-ESC mapping" setting to organizational standards. CC ID 11068 Configuration Preventive
    Configure the "Prevent backing up to local disks" setting to organizational standards. CC ID 11069 Configuration Preventive
    Configure the "Prevent backing up to optical media (CD/DVD)" setting to organizational standards. CC ID 11071 Configuration Preventive
    Configure the "Prevent display of the user interface for critical errors" setting to organizational standards. CC ID 11074 Configuration Preventive
    Configure the "Prevent flicks" setting to organizational standards. CC ID 11075 Configuration Preventive
    Configure the "Prevent Flicks Learning Mode" setting to organizational standards. CC ID 11076 Configuration Preventive
    Configure the "Prevent Input Panel tab from appearing" setting to organizational standards. CC ID 11077 Configuration Preventive
    Configure the "Prevent launch an application" setting to organizational standards. CC ID 11081 Configuration Preventive
    Configure the "Prevent license upgrade" setting to organizational standards. CC ID 11082 Configuration Preventive
    Configure the "Prevent Media Sharing" setting to organizational standards. CC ID 11083 Configuration Preventive
    Configure the "Prevent plaintext PINs from being returned by Credential Manager" setting to organizational standards. CC ID 11084 Configuration Preventive
    Configure the "Prevent press and hold" setting to organizational standards. CC ID 11085 Configuration Preventive
    Configure the "Prevent Quick Launch Toolbar Shortcut Creation" setting to organizational standards. CC ID 11086 Configuration Preventive
    Configure the "Prevent restoring local previous versions" setting to organizational standards. CC ID 11087 Configuration Preventive
    Configure the "Prevent restoring previous versions from backups" setting to organizational standards. CC ID 11088 Configuration Preventive
    Configure the "Prevent Roaming Profile changes from propagating to the server" setting to organizational standards. CC ID 11090 Configuration Preventive
    Configure the "Prevent Video Smoothing" setting to organizational standards. CC ID 11091 Configuration Preventive
    Configure the "Prevent Windows Anytime Upgrade from running." setting to organizational standards. CC ID 11092 Configuration Preventive
    Configure the "Prohibit Access of the Windows Connect Now wizards" setting to organizational standards. CC ID 11100 Configuration Preventive
    Configure the "Prohibit Flyweight Patching" setting to organizational standards. CC ID 11101 Configuration Preventive
    Configure the "Prohibit installing or uninstalling color profiles" setting to organizational standards. CC ID 11103 Configuration Preventive
    Configure the "Prohibit patching" setting to organizational standards. CC ID 11104 Configuration Preventive
    Configure the "Prohibit removal of updates" setting to organizational standards. CC ID 11105 Configuration Preventive
    Configure the "Prohibit rollback" setting to organizational standards. CC ID 11106 Configuration Preventive
    Configure the "Prohibit Use of Restart Manager" setting to organizational standards. CC ID 11107 Configuration Preventive
    Configure the "Restrict Internet communication" setting to organizational standards. CC ID 11140 Configuration Preventive
    Configure the "Restrict potentially unsafe HTML Help functions to specified folders" setting to organizational standards. CC ID 11141 Configuration Preventive
    Configure the "Restrict system locales" setting to organizational standards. CC ID 11143 Configuration Preventive
    Configure the "Restrict these programs from being launched from Help" setting to organizational standards. CC ID 11144 Configuration Preventive
    Configure the "Restrict unpacking and installation of gadgets that are not digitally signed." setting to organizational standards. CC ID 11145 Configuration Preventive
    Configure the "Restrict user locales" setting to organizational standards. CC ID 11146 Configuration Preventive
    Configure the "Terminate session when time limits are reached" setting to organizational standards. CC ID 11241 Configuration Preventive
    Configure the "Turn off access to all Windows Update features" setting to organizational standards. CC ID 11254 Configuration Preventive
    Configure the "Turn off access to the OEM and Microsoft branding section" setting to organizational standards. CC ID 11255 Configuration Preventive
    Configure the "Turn off access to the performance center core section" setting to organizational standards. CC ID 11256 Configuration Preventive
    Configure the "Turn off access to the solutions to performance problems section" setting to organizational standards. CC ID 11257 Configuration Preventive
    Configure the "Turn off Active Help" setting to organizational standards. CC ID 11258 Configuration Preventive
    Configure the "Turn off Application Compatibility Engine" setting to organizational standards. CC ID 11261 Configuration Preventive
    Configure the "Turn off Application Telemetry" setting to organizational standards. CC ID 11262 Configuration Preventive
    Configure the "Turn off AutoComplete integration with Input Panel" setting to organizational standards. CC ID 11263 Configuration Preventive
    Configure the "Turn off automatic learning" setting to organizational standards. CC ID 11264 Configuration Preventive
    Configure the "Turn off Automatic Root Certificates Update" setting to organizational standards. CC ID 11265 Configuration Preventive
    Configure the "Turn off automatic termination of applications that block or cancel shutdown" setting to organizational standards. CC ID 11266 Configuration Preventive
    Configure the "Turn off automatic wake" setting to organizational standards. CC ID 11267 Configuration Preventive
    Configure the "Turn Off Boot and Resume Optimizations" setting to organizational standards. CC ID 11269 Configuration Preventive
    Configure the "Turn off Configuration" setting to organizational standards. CC ID 11271 Configuration Preventive
    Configure the "Turn off creation of System Restore Checkpoints" setting to organizational standards. CC ID 11273 Configuration Preventive
    Configure the "Turn off Data Execution Prevention for HTML Help Executible" setting to organizational standards. CC ID 11274 Configuration Preventive
    Configure the "Turn off downloading of game information" setting to organizational standards. CC ID 11276 Configuration Preventive
    Configure the "Turn off Fair Share CPU Scheduling" setting to organizational standards. CC ID 11277 Configuration Preventive
    Configure the "Turn off game updates" setting to organizational standards. CC ID 11279 Configuration Preventive
    Configure the "Turn off hardware buttons" setting to organizational standards. CC ID 11280 Configuration Preventive
    Configure the "Turn off location scripting" setting to organizational standards. CC ID 11287 Configuration Preventive
    Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Global" to organizational standards. CC ID 11290 Configuration Preventive
    Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Site Local" to organizational standards. CC ID 11292 Configuration Preventive
    Configure the "Turn off Multicast Name Resolution" setting to organizational standards. CC ID 11293 Configuration Preventive
    Configure the "Turn Off Non Volatile Cache Feature" setting to organizational standards. CC ID 11294 Configuration Preventive
    Configure the "Turn off numerical sorting in Windows Explorer" setting to organizational standards. CC ID 11295 Configuration Preventive
    Configure the "Turn off pen feedback" setting to organizational standards. CC ID 11297 Configuration Preventive
    Configure the "Turn off PNRP cloud creation" setting for "IPv6 Global" to organizational standards. CC ID 11298 Configuration Preventive
    Configure the "Turn off PNRP cloud creation" setting for "IPv6 Site Local" to organizational standards. CC ID 11300 Configuration Preventive
    Configure the "Turn off Problem Steps Recorder" setting to organizational standards. CC ID 11301 Configuration Preventive
    Configure the "Turn off Program Compatibility Assistant" setting to organizational standards. CC ID 11302 Configuration Preventive
    Configure the "Turn off Program Inventory" setting to organizational standards. CC ID 11303 Configuration Preventive
    Configure the "Turn off Real-Time Monitoring" setting to organizational standards. CC ID 11304 Configuration Preventive
    Configure the "Turn off restore functionality" setting to organizational standards. CC ID 11306 Configuration Preventive
    Configure the "Turn off Routinely Taking Action" setting to organizational standards. CC ID 11308 Configuration Preventive
    Configure the "Turn off sensors" setting to organizational standards. CC ID 11309 Configuration Preventive
    Configure the "Turn Off Solid State Mode" setting to organizational standards. CC ID 11310 Configuration Preventive
    Configure the "Turn off SwitchBack Compatibility Engine" setting to organizational standards. CC ID 11311 Configuration Preventive
    Configure the "Turn off System Restore" setting to organizational standards. CC ID 11312 Configuration Preventive
    Configure the "Turn off Tablet PC touch input" setting to organizational standards. CC ID 11313 Configuration Preventive
    Configure the "Turn off the ability to back up data files" setting to organizational standards. CC ID 11315 Configuration Preventive
    Configure the "Turn off the ability to create a system image" setting to organizational standards. CC ID 11316 Configuration Preventive
    Configure the "Turn off the communities features" setting to organizational standards. CC ID 11317 Configuration Preventive
    Configure the "Turn off Touch Panning" setting to organizational standards. CC ID 11320 Configuration Preventive
    Configure the "Turn off tracking of last play time of games in the Games folder" setting to organizational standards. CC ID 11321 Configuration Preventive
    Configure the "Turn off Windows Customer Experience Improvement Program" setting to organizational standards. CC ID 11323 Configuration Preventive
    Configure the "Turn off Windows Defender" setting to organizational standards. CC ID 11324 Configuration Preventive
    Configure the "Turn off Windows HotStart" setting to organizational standards. CC ID 11325 Configuration Preventive
    Configure the "Turn off Windows Installer RDS Compatibility" setting to organizational standards. CC ID 11326 Configuration Preventive
    Configure the "Turn off Windows Mobility Center" setting to organizational standards. CC ID 11327 Configuration Preventive
    Configure the "Turn off Windows presentation settings" setting to organizational standards. CC ID 11329 Configuration Preventive
    Configure the "Turn off Windows SideShow" setting to organizational standards. CC ID 11330 Configuration Preventive
    Configure the "Turn off Windows Startup Sound" setting to organizational standards. CC ID 11331 Configuration Preventive
    Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 Configuration Preventive
    Refrain from using assertion lifetimes to limit each session. CC ID 13871 Technical Security Preventive
    Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 Configuration Preventive
    Invalidate unexpected session identifiers. CC ID 15307 Configuration Preventive
    Configure the "MaxStartups" settings to organizational standards. CC ID 15329 Configuration Preventive
    Reject session identifiers that are not valid. CC ID 15306 Configuration Preventive
    Configure the "MaxSessions" settings to organizational standards. CC ID 15330 Configuration Preventive
    Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 Configuration Preventive
    Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 Configuration Preventive
    Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 Configuration Preventive
    Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 Configuration Preventive
    Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 Configuration Preventive
    Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 Configuration Preventive
    Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 Configuration Preventive
    Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 Configuration Preventive
    Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 Configuration Preventive
    Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 Configuration Preventive
    Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 Configuration Preventive
    Install custom applications, only if they are trusted. CC ID 04822 Configuration Preventive
    Configure virtual networks in accordance with the information security policy. CC ID 13165 Configuration Preventive
    Configure Simple Network Management Protocol (SNMP) to organizational standards. CC ID 12423 Configuration Preventive
    Establish access requirements for SNMP community strings. CC ID 16357 Technical Security Preventive
    Configure Simple Network Management Protocol to enable authentication and privacy. CC ID 12427 Configuration Preventive
    Change the community string for Simple Network Management Protocol, as necessary. CC ID 01872 Configuration Preventive
    Configure the system's storage media. CC ID 10618 Configuration Preventive
    Configure the system's electronic storage media's encryption settings. CC ID 11927 Configuration Preventive
    Prohibit the use of sanitization-resistant media in Information Systems. CC ID 10617 Configuration Preventive
    Configure Internet Browser security options according to organizational standards. CC ID 02166 Configuration Preventive
    Configure the "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting. CC ID 04910 Configuration Preventive
    Configure the "Disable Internet Connection wizard" setting. CC ID 02242 Configuration Preventive
    Configure the "Disable Automatic Install of Internet Explorer components" setting. CC ID 04337 Configuration Preventive
    Configure the "Disable Periodic Check for Internet Explorer software updates" setting. CC ID 04338 Configuration Preventive
    Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly. CC ID 04340 Configuration Preventive
    Configure the "Turn off Crash Detection" setting in Internet Explorer properly. CC ID 04345 Configuration Preventive
    Configure the "internet explorer processes (mk protocol)" setting. CC ID 04347 Configuration Preventive
    Configure the "internet explorer processes (consistent MIME handling)" setting. CC ID 04348 Configuration Preventive
    Configure the "internet explorer processes (MIME sniffing)" setting. CC ID 04349 Configuration Preventive
    Configure the "Internet Explorer Processes (Restrict ActiveX Install)" setting. CC ID 04352 Configuration Preventive
    Configure the "internet explorer processes (restrict file download)" setting. CC ID 04353 Configuration Preventive
    Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting. CC ID 04354 Configuration Preventive
    Configure the "Disable Save this program to disk option" setting in limited functionality environments properly. CC ID 04366 Configuration Preventive
    Configure the "Disable the Advanced Page" setting in limited functionality environments. CC ID 04367 Configuration Preventive
    Configure the "Disable the Security Page" setting in limited functionality environments properly. CC ID 04368 Configuration Preventive
    Configure the "Disable adding channels" setting in Internet Explorer properly. CC ID 04369 Configuration Preventive
    Configure the "Disable adding schedules for offline pages" setting. CC ID 04370 Configuration Preventive
    Configure the "Disable all scheduled offline pages" setting. CC ID 04371 Configuration Preventive
    Configure the "Disable channel user interface completely" setting. CC ID 04372 Configuration Preventive
    Configure the "Disable downloading of site subscription content" setting. CC ID 04373 Configuration Preventive
    Configure the "Disable editing and creating of schedule groups" setting. CC ID 04374 Configuration Preventive
    Configure the "Disable editing schedules for offline pages" setting. CC ID 04375 Configuration Preventive
    Configure the "Disable offline page hit logging" setting. CC ID 04376 Configuration Preventive
    Configure the "Disable removing channels" setting. CC ID 04377 Configuration Preventive
    Configure the "Disable removing schedules for offline pages" setting. CC ID 04378 Configuration Preventive
    Configure the "Disable 'Configuring History'" setting in specialized security environments properly. CC ID 04405 Configuration Preventive
    Configure the "Disable AutoComplete for forms" setting in limited functionality environments properly. CC ID 04406 Configuration Preventive
    Configure the "Prevent 'fix settings' functionality" setting in limited functionality environments properly. CC ID 04407 Configuration Preventive
    Configure the "Prevent deletion of 'Temporary Internet Files and Cookies'" setting in limited functionality environments properly. CC ID 04408 Configuration Preventive
    Configure the "Turn Off 'Delete Browsing History' Functionality" setting in limited functionality environments properly. CC ID 04409 Configuration Preventive
    Configure the "Turn off the Security Settings Check feature" setting in limited functionality environments properly. CC ID 04410 Configuration Preventive
    Configure the "Prevent ignoring certificate errors" setting in limited functionality environments properly. CC ID 04411 Configuration Preventive
    Configure the "allow install on demand (Internet Explorer)" setting in limited functionality environments properly. CC ID 04412 Configuration Preventive
    Configure the "Check for server certificate revocation" setting in limited functionality environments properly. CC ID 04413 Configuration Preventive
    Configure the "Access data sources across domains" setting. CC ID 04415 Configuration Preventive
    Configure the "Allow active scripting" setting in limited functionality environments properly. CC ID 04416 Configuration Preventive
    Configure the "Allow binary and script behaviors" setting in limited functionality environments properly. CC ID 04417 Configuration Preventive
    Configure the "Allow cut, copy, or paste operations from the clipboard via script" setting. CC ID 04418 Configuration Preventive
    Configure the "Allow drag and drop or copy and paste files" setting. CC ID 04419 Configuration Preventive
    Configure the "Allow file downloads" setting in limited functionality environments properly. CC ID 04420 Configuration Preventive
    Configure the "Allow font downloads" setting in limited functionality environments properly. CC ID 04421 Configuration Preventive
    Configure the "Allow installation of desktop items" setting in limited functionality environments properly. CC ID 04422 Configuration Preventive
    Configure the "Allow META REFRESH" setting in limited functionality environments properly. CC ID 04423 Configuration Preventive
    Configure the "Allow script-initiated windows without size or position constraints" setting in limited functionality environments properly. CC ID 04424 Configuration Preventive
    Configure the "Allow status bar updates via script" setting in limited functionality environments properly. CC ID 04425 Configuration Preventive
    Configure the "Automatic prompting for file downloads" setting in limited functionality environments properly. CC ID 04426 Configuration Preventive
    Configure the "Download signed ActiveX controls" setting in limited functionality environments properly. CC ID 04427 Configuration Preventive
    Configure the "Download unsigned ActiveX controls" setting in limited functionality environments properly. CC ID 04428 Configuration Preventive
    Configure the "Initialize and script ActiveX controls not marked as safe" setting in limited functionality environments properly. CC ID 04429 Configuration Preventive
    Configure the "Java permissions" setting in limited functionality environments properly. CC ID 04430 Configuration Preventive
    Configure the "Launching applications and files in an IFRAME" setting in limited functionality environments properly. CC ID 04431 Configuration Preventive
    Configure the "Logon Options" setting in limited functionality environments. CC ID 04432 Configuration Preventive
    Configure the "Navigate sub-frames across different domains" setting in limited functionality environments properly. CC ID 04433 Configuration Preventive
    Configure the "Open file based on content, not on file extension" setting in limited functionality environments properly. CC ID 04434 Configuration Preventive
    Configure the "Run.NET Framework-reliant components not signed with Authenticode" setting in limited functionality environments properly. CC ID 04435 Configuration Preventive
    Configure the "Run.NET Framework-reliant components signed with Authenticode" setting in limited functionality environments properly. CC ID 04436 Configuration Preventive
    Configure the "Run ActiveX controls and plugins" setting in limited functionality environments properly. CC ID 04437 Configuration Preventive
    Configure the "Script ActiveX controls marked safe for scripting" setting in limited functionality environments properly. CC ID 04438 Configuration Preventive
    Configure the "Scripting of Java applets" setting in limited functionality environments properly. CC ID 04439 Configuration Preventive
    Configure the "Software channel permissions" setting in limited functionality environments properly. CC ID 04440 Configuration Preventive
    Configure the "Use Pop-up Blocker" setting in limited functionality environments properly. CC ID 04441 Configuration Preventive
    Configure the "Web sites in less privileged Web content zones could navigate into this zone" setting in limited functionality environments properly. CC ID 04442 Configuration Preventive
    Configure the .NET Framework to prevent unauthorized mobile code from executing. CC ID 04531 Configuration Preventive
    Configure the "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting. CC ID 04644 Configuration Preventive
    Configure the "Prevent performance of first run customize settings" setting. CC ID 04645 Configuration Preventive
    Configure the "Allow Scriptlets" setting in limited functionality environments properly. CC ID 02237 Configuration Preventive
    Configure the "Disable showing the splash screen" setting. CC ID 02238 Configuration Preventive
    Configure the "Add-on List" setting. CC ID 02239 Configuration Preventive
    Configure the "Loose XAML" setting in limited functionality environments properly. CC ID 02240 Configuration Preventive
    Configure the "Disable the Privacy page" setting. CC ID 02241 Configuration Preventive
    Configure the "XPS documents" setting in limited functionality environments properly. CC ID 02243 Configuration Preventive
    Configure the "Turn off Managing Phishing filter" setting. CC ID 02244 Configuration Preventive
    Configure the "Turn on Protected Mode" setting in limited functionality environments properly. CC ID 02245 Configuration Preventive
    Configure the "Userdata persistence" setting in limited functionality environments properly. CC ID 02246 Configuration Preventive
    Configure the "Display mixed content" setting in limited functionality environments properly. CC ID 02247 Configuration Preventive
    Configure the "Check for signature on download programs" setting. CC ID 02250 Configuration Preventive
    Configure the "Turn on the Internet Connection Wizard Auto Detect" setting. CC ID 02252 Configuration Preventive
    Configure the "Web Browser Applications" setting for the Restricted Sites Zone properly. CC ID 02254 Configuration Preventive
    Configure the "Turn off page transitions" setting. CC ID 02255 Configuration Preventive
    Configure the "Turn off configuring the update check interval (in days)" setting. CC ID 02257 Configuration Preventive
    Configure the "Web Browser Applications" setting for the Internet Zone properly. CC ID 02259 Configuration Preventive
    Configure the "Turn Off First-Run Opt-In" setting in limited functionality environments properly. CC ID 02261 Configuration Preventive
    Configure the "Do not allow resetting Internet Explorer settings" setting. CC ID 02262 Configuration Preventive
    Configure the "Enable third-party browser extensions" setting. CC ID 02263 Configuration Preventive
    Configure the "Disable the reset Web settings feature" setting. CC ID 02264 Configuration Preventive
    Configure the "Disable external branding of Internet Explorer" setting. CC ID 02266 Configuration Preventive
    Configure the "Enable Native XMLHttp Support" setting. CC ID 02267 Configuration Preventive
    Configure the "Site to Zone Assignment List" to organizational standards. CC ID 08650 Configuration Preventive
    Configure the "Notification bar" setting to organizational standards. CC ID 10008 Configuration Preventive
    Implement only one application or primary function per network component or server. CC ID 00879 Systems Design, Build, and Implementation Preventive
    Remove all unnecessary functionality. CC ID 00882 Configuration Preventive
    Document that all enabled functions support secure configurations. CC ID 11985 Establish/Maintain Documentation Preventive
    Find and eradicate unauthorized world writable files. CC ID 01541 Configuration Preventive
    Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542 Configuration Preventive
    Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543 Configuration Preventive
    Find and eradicate unowned files and unowned directories. CC ID 01544 Configuration Preventive
    Disable logon prompts on serial ports. CC ID 01553 Configuration Preventive
    Disable "nobody" access for Secure RPC. CC ID 01554 Configuration Preventive
    Disable all unnecessary interfaces. CC ID 04826 Configuration Preventive
    Enable or disable all unused USB ports as appropriate. CC ID 06042 Configuration Preventive
    Disable all user-mounted removable file systems. CC ID 01536 Configuration Preventive
    Set the Bluetooth Security Mode to the organizational standard. CC ID 00587 Configuration Preventive
    Secure the Bluetooth headset connections. CC ID 00593 Configuration Preventive
    Verify wireless peripherals meet organizational security requirements. CC ID 00657 Testing Detective
    Disable automatic dial-in access to computers that have installed modems. CC ID 02036 Configuration Preventive
    Configure the "Turn off AutoPlay" setting. CC ID 01787 Configuration Preventive
    Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732 Configuration Preventive
    Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731 Configuration Preventive
    Configure the "Remove CD Burning features" setting. CC ID 04379 Configuration Preventive
    Disable Autorun. CC ID 01790 Configuration Preventive
    Disable USB devices (aka hotplugger). CC ID 01545 Configuration Preventive
    Enable or disable all unused auxiliary ports as appropriate. CC ID 06414 Configuration Preventive
    Remove rhosts support unless absolutely necessary. CC ID 01555 Configuration Preventive
    Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556 Configuration Preventive
    Remove the /etc/hosts.equiv file. CC ID 01559 Configuration Preventive
    Create the /etc/ftpd/ftpusers file. CC ID 01560 Configuration Preventive
    Remove the X Wrapper and enable the X Display Manager. CC ID 01564 Configuration Preventive
    Remove empty crontab files and restrict file permissions to the file. CC ID 01571 Configuration Preventive
    Remove all compilers and assemblers from the system. CC ID 01594 Configuration Preventive
    Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 Configuration Preventive
    Restrict and control the use of privileged utility programs. CC ID 12030 Technical Security Preventive
    Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489 Configuration Preventive
    Install and enable file sharing utilities, as necessary. CC ID 02174 Configuration Preventive
    Disable boot services unless boot services are absolutely necessary. CC ID 01481 Configuration Preventive
    Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279 Configuration Preventive
    Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484 Configuration Preventive
    Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487 Configuration Preventive
    Disable web server unless web server is absolutely necessary. CC ID 01490 Configuration Preventive
    Disable portmapper unless portmapper is absolutely necessary. CC ID 01492 Configuration Preventive
    Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498 Configuration Preventive
    Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504 Configuration Preventive
    Configure the “xinetd” service to organizational standards. CC ID 01509 Configuration Preventive
    Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568 Configuration Preventive
    Disable inetd unless inetd is absolutely necessary. CC ID 01508 Configuration Preventive
    Disable Network Computing System unless it is absolutely necessary. CC ID 01497 Configuration Preventive
    Disable print server for macintosh unless print server for macintosh is absolutely necessary. CC ID 04284 Configuration Preventive
    Disable Print Server unless Print Server is absolutely necessary. CC ID 01488 Configuration Preventive
    Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480 Configuration Preventive
    Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179 Configuration Preventive
    Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455 Configuration Preventive
    Disable netfs script unless netfs script is absolutely necessary. CC ID 01495 Configuration Preventive
    Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456 Configuration Preventive
    Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327 Configuration Preventive
    Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494 Configuration Preventive
    Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511 Configuration Preventive
    Disable postfix unless postfix is absolutely necessary. CC ID 01512 Configuration Preventive
    Disable directory server unless directory server is absolutely necessary. CC ID 01464 Configuration Preventive
    Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471 Configuration Preventive
    Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470 Configuration Preventive
    Configure the “Network File System” server to organizational standards CC ID 01472 Configuration Preventive
    Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981 Configuration Preventive
    Configure NFS with appropriate authentication methods. CC ID 05982 Configuration Preventive
    Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971 Configuration Preventive
    Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972 Configuration Preventive
    Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973 Configuration Preventive
    Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974 Configuration Preventive
    Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501 Configuration Preventive
    Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476 Configuration Preventive
    Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474 Configuration Preventive
    Disable finger unless finger is absolutely necessary. CC ID 01505 Configuration Preventive
    Disable Rexec unless Rexec is absolutely necessary. CC ID 02164 Configuration Preventive
    Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502 Configuration Preventive
    Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503 Configuration Preventive
    Install and enable public Instant Messaging clients as necessary. CC ID 02173 Configuration Preventive
    Disable x font server unless x font server is absolutely necessary. CC ID 01499 Configuration Preventive
    Validate, approve, and document all UNIX shells prior to use. CC ID 02161 Establish/Maintain Documentation Preventive
    Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475 Configuration Preventive
    Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 Data and Information Management Preventive
    Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 Configuration Preventive
    Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465 Configuration Preventive
    Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814 Configuration Preventive
    Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984 Configuration Preventive
    Configure the /etc/samba/smb.conf file file permissions as appropriate. CC ID 05989 Configuration Preventive
    Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821 Configuration Preventive
    Disable web directory browsing on all web-enabled devices. CC ID 01874 Configuration Preventive
    Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833 Configuration Preventive
    Install and enable samba, as necessary. CC ID 02175 Configuration Preventive
    Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985 Configuration Preventive
    Configure the samba security option option as appropriate. CC ID 05986 Configuration Preventive
    Configure the samba encrypt passwords option as appropriate. CC ID 05987 Configuration Preventive
    Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988 Configuration Preventive
    Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176 Configuration Preventive
    Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172 Configuration Preventive
    Disable volume manager unless volume manager is absolutely necessary. CC ID 01469 Configuration Preventive
    Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468 Configuration Preventive
    Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466 Configuration Preventive
    Disable help and support unless help and support is absolutely necessary. CC ID 04280 Configuration Preventive
    Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491 Configuration Preventive
    Disable or secure the NetWare QuickFinder search engine. CC ID 04453 Configuration Preventive
    Disable messenger unless messenger is absolutely necessary. CC ID 01819 Configuration Preventive
    Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516 Configuration Preventive
    Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517 Configuration Preventive
    Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330 Configuration Preventive
    Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811 Configuration Preventive
    Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979 Configuration Preventive
    Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846 Configuration Preventive
    Prohibit R-command files from existing for root or administrator. CC ID 16322 Configuration Preventive
    Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101 Configuration Preventive
    Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102 Configuration Preventive
    Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103 Configuration Preventive
    Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104 Configuration Preventive
    Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105 Configuration Preventive
    Install or uninstall the AIDE package, as appropriate. CC ID 05106 Configuration Preventive
    Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107 Configuration Preventive
    Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108 Configuration Preventive
    Configure Avahi properly. CC ID 05109 Configuration Preventive
    Install or uninstall OpenNTPD, as appropriate. CC ID 05110 Configuration Preventive
    Configure the "httpd" service to organizational standards. CC ID 05111 Configuration Preventive
    Install or uninstall the net-smtp package properly. CC ID 05112 Configuration Preventive
    Configure the apache web service properly. CC ID 05113 Configuration Preventive
    Configure the vlock package properly. CC ID 05114 Configuration Preventive
    Establish, implement, and maintain service accounts. CC ID 13861 Technical Security Preventive
    Review the ownership of service accounts, as necessary. CC ID 13863 Technical Security Detective
    Manage access credentials for service accounts. CC ID 13862 Technical Security Preventive
    Configure the daemon account properly. CC ID 05115 Configuration Preventive
    Configure the bin account properly. CC ID 05116 Configuration Preventive
    Configure the nuucp account properly. CC ID 05117 Configuration Preventive
    Configure the smmsp account properly. CC ID 05118 Configuration Preventive
    Configure the listen account properly. CC ID 05119 Configuration Preventive
    Configure the gdm account properly. CC ID 05120 Configuration Preventive
    Configure the webservd account properly. CC ID 05121 Configuration Preventive
    Configure the nobody account properly. CC ID 05122 Configuration Preventive
    Configure the noaccess account properly. CC ID 05123 Configuration Preventive
    Configure the nobody4 account properly. CC ID 05124 Configuration Preventive
    Configure the sys account properly. CC ID 05125 Configuration Preventive
    Configure the adm account properly. CC ID 05126 Configuration Preventive
    Configure the lp account properly. CC ID 05127 Configuration Preventive
    Configure the uucp account properly. CC ID 05128 Configuration Preventive
    Install or uninstall the tftp-server package, as appropriate. CC ID 05130 Configuration Preventive
    Enable the web console as necessary. CC ID 05131 Configuration Preventive
    Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132 Configuration Preventive
    Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133 Configuration Preventive
    Enable the listening sendmail daemon, as appropriate. CC ID 05134 Configuration Preventive
    Configure Squid properly. CC ID 05135 Configuration Preventive
    Configure the "global Package signature checking" setting to organizational standards. CC ID 08735 Establish/Maintain Documentation Preventive
    Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736 Establish/Maintain Documentation Preventive
    Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737 Establish/Maintain Documentation Preventive
    Configure the "isdn4k-utils" package to organizational standards. CC ID 08738 Establish/Maintain Documentation Preventive
    Configure the "postfix" package to organizational standards. CC ID 08739 Establish/Maintain Documentation Preventive
    Configure the "vsftpd" package to organizational standards. CC ID 08740 Establish/Maintain Documentation Preventive
    Configure the "net-snmpd" package to organizational standards. CC ID 08741 Establish/Maintain Documentation Preventive
    Configure the "rsyslog" package to organizational standards. CC ID 08742 Establish/Maintain Documentation Preventive
    Configure the "ipsec-tools" package to organizational standards. CC ID 08743 Establish/Maintain Documentation Preventive
    Configure the "pam_ccreds" package to organizational standards. CC ID 08744 Establish/Maintain Documentation Preventive
    Configure the "talk-server" package to organizational standards. CC ID 08745 Establish/Maintain Documentation Preventive
    Configure the "talk" package to organizational standards. CC ID 08746 Establish/Maintain Documentation Preventive
    Configure the "irda-utils" package to organizational standards. CC ID 08747 Establish/Maintain Documentation Preventive
    Configure the "/etc/shells" file to organizational standards. CC ID 08978 Configuration Preventive
    Configure the LDAP package to organizational standards. CC ID 09937 Configuration Preventive
    Configure the "FTP server" package to organizational standards. CC ID 09938 Configuration Preventive
    Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939 Configuration Preventive
    Configure the "prelink" package to organizational standards. CC ID 11379 Configuration Preventive
    Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380 Configuration Preventive
    Configure the "time" setting to organizational standards. CC ID 11381 Configuration Preventive
    Configure the "biosdevname" package to organizational standards. CC ID 11383 Configuration Preventive
    Configure the "ufw" setting to organizational standards. CC ID 11384 Configuration Preventive
    Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728 Configuration Preventive
    Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729 Configuration Preventive
    Prevent users from installing printer drivers. CC ID 01730 Configuration Preventive
    Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506 Configuration Preventive
    Configure the unsigned driver installation behavior. CC ID 01733 Configuration Preventive
    Configure the unsigned non-driver installation behavior. CC ID 02038 Configuration Preventive
    Remove all demonstration applications on the system. CC ID 01875 Configuration Preventive
    Configure the system to disallow optional Subsystems. CC ID 04265 Configuration Preventive
    Configure the "Remove Security tab" setting. CC ID 04380 Configuration Preventive
    Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 Configuration Preventive
    Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 Configuration Preventive
    Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 Configuration Preventive
    Disable telnet unless telnet use is absolutely necessary. CC ID 01478 Configuration Preventive
    Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 Configuration Preventive
    Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 Configuration Preventive
    Disable anonymous access to File Transfer Protocol. CC ID 06739 Configuration Preventive
    Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 Configuration Preventive
    Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 Configuration Preventive
    Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 Configuration Preventive
    Disable alerter unless alerter use is absolutely necessary. CC ID 01810 Configuration Preventive
    Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 Configuration Preventive
    Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 Configuration Preventive
    Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 Configuration Preventive
    Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 Configuration Preventive
    Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 Configuration Preventive
    Disable net logon unless net logon use is absolutely necessary. CC ID 01820 Configuration Preventive
    Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 Configuration Preventive
    Disable the "Offer Remote Assistance" setting. CC ID 04325 Configuration Preventive
    Disable the "Solicited Remote Assistance" setting. CC ID 04326 Configuration Preventive
    Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 Configuration Preventive
    Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 Configuration Preventive
    Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 Configuration Preventive
    Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 Configuration Preventive
    Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 Configuration Preventive
    Disable File Service Protocol. CC ID 02167 Configuration Preventive
    Disable the License Logging Service unless unless it is absolutely necessary. CC ID 04282 Configuration Preventive
    Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 Configuration Preventive
    Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 Configuration Preventive
    Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 Configuration Preventive
    Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 Configuration Preventive
    Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 Configuration Preventive
    Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 Configuration Preventive
    Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 Configuration Preventive
    Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 Configuration Preventive
    Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 Configuration Preventive
    Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 Configuration Preventive
    Disable SSDP/UPnp unless SSDP/UPnP is absolutely necessary. CC ID 04315 Configuration Preventive
    Configure the "ntpd service" setting to organizational standards. CC ID 04911 Configuration Preventive
    Configure the "echo service" setting to organizational standards. CC ID 04912 Configuration Preventive
    Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 Configuration Preventive
    Configure the "echo-stream service" setting to organizational standards. CC ID 09928 Configuration Preventive
    Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 Configuration Preventive
    Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 Configuration Preventive
    Configure the "netstat service" setting to organizational standards. CC ID 04913 Configuration Preventive
    Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 Configuration Preventive
    Configure the "tftpd service" setting to organizational standards. CC ID 04915 Configuration Preventive
    Configure the "walld service" setting to organizational standards. CC ID 04916 Configuration Preventive
    Configure the "rstatd service" setting to organizational standards. CC ID 04917 Configuration Preventive
    Configure the "sprayd service" setting to organizational standards. CC ID 04918 Configuration Preventive
    Configure the "rusersd service" setting to organizational standards. CC ID 04919 Configuration Preventive
    Configure the "inn service" setting to organizational standards. CC ID 04920 Configuration Preventive
    Configure the "font service" setting to organizational standards. CC ID 04921 Configuration Preventive
    Configure the "ident service" setting to organizational standards. CC ID 04922 Configuration Preventive
    Configure the "rexd service" setting to organizational standards. CC ID 04923 Configuration Preventive
    Configure the "daytime service" setting to organizational standards. CC ID 04924 Configuration Preventive
    Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 Configuration Preventive
    Configure the "cmsd service" setting to organizational standards. CC ID 04926 Configuration Preventive
    Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 Configuration Preventive
    Configure the "discard service" setting to organizational standards. CC ID 04928 Configuration Preventive
    Configure the "vino-server service" setting to organizational standards. CC ID 04929 Configuration Preventive
    Configure the "bind service" setting to organizational standards. CC ID 04930 Configuration Preventive
    Configure the "nfsd service" setting to organizational standards. CC ID 04931 Configuration Preventive
    Configure the "mountd service" setting to organizational standards. CC ID 04932 Configuration Preventive
    Configure the "statd service" setting to organizational standards. CC ID 04933 Configuration Preventive
    Configure the "lockd service" setting to organizational standards. CC ID 04934 Configuration Preventive
    Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 Configuration Preventive
    Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 Configuration Preventive
    Configure the sendmail vrfy command, as appropriate. CC ID 04936 Configuration Preventive
    Configure the sendmail expn command, as appropriate. CC ID 04937 Configuration Preventive
    Configure .netrc with an appropriate set of services. CC ID 04938 Configuration Preventive
    Enable NFS insecure locks as necessary. CC ID 04939 Configuration Preventive
    Configure the "X server ac" setting to organizational standards. CC ID 04940 Configuration Preventive
    Configure the "X server core" setting to organizational standards. CC ID 04941 Configuration Preventive
    Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 Configuration Preventive
    Configure the "X server nolock" setting to organizational standards. CC ID 04942 Configuration Preventive
    Enable or disable the mcstrans service, as appropriate. CC ID 05541 Configuration Preventive
    Configure the "PAM console" setting to organizational standards. CC ID 04943 Configuration Preventive
    Enable or disable the restorecond service, as appropriate. CC ID 05542 Configuration Preventive
    Enable the rhnsd service as necessary. CC ID 04944 Configuration Preventive
    Enable the yum-updatesd service as necessary. CC ID 04945 Configuration Preventive
    Enable the autofs service as necessary. CC ID 04946 Configuration Preventive
    Enable the ip6tables service as necessary. CC ID 04947 Configuration Preventive
    Configure syslog to organizational standards. CC ID 04949 Configuration Preventive
    Enable the auditd service as necessary. CC ID 04950 Configuration Preventive
    Enable the logwatch service as necessary. CC ID 04951 Configuration Preventive
    Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 Configuration Preventive
    Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 Configuration Preventive
    Enable the ypbind service as necessary. CC ID 04954 Configuration Preventive
    Enable the ypserv service as necessary. CC ID 04955 Configuration Preventive
    Enable the firstboot service as necessary. CC ID 04956 Configuration Preventive
    Enable the gpm service as necessary. CC ID 04957 Configuration Preventive
    Enable the irqbalance service as necessary. CC ID 04958 Configuration Preventive
    Enable the isdn service as necessary. CC ID 04959 Configuration Preventive
    Enable the kdump service as necessary. CC ID 04960 Configuration Preventive
    Enable the mdmonitor service as necessary. CC ID 04961 Configuration Preventive
    Enable the microcode_ctl service as necessary. CC ID 04962 Configuration Preventive
    Enable the pcscd service as necessary. CC ID 04963 Configuration Preventive
    Enable the smartd service as necessary. CC ID 04964 Configuration Preventive
    Enable the readahead_early service as necessary. CC ID 04965 Configuration Preventive
    Enable the readahead_later service as necessary. CC ID 04966 Configuration Preventive
    Enable the messagebus service as necessary. CC ID 04967 Configuration Preventive
    Enable the haldaemon service as necessary. CC ID 04968 Configuration Preventive
    Enable the apmd service as necessary. CC ID 04969 Configuration Preventive
    Enable the acpid service as necessary. CC ID 04970 Configuration Preventive
    Enable the cpuspeed service as necessary. CC ID 04971 Configuration Preventive
    Enable the network service as necessary. CC ID 04972 Configuration Preventive
    Enable the hidd service as necessary. CC ID 04973 Configuration Preventive
    Enable the crond service as necessary. CC ID 04974 Configuration Preventive
    Install and enable the anacron service as necessary. CC ID 04975 Configuration Preventive
    Enable the xfs service as necessary. CC ID 04976 Configuration Preventive
    Install and enable the Avahi daemon service, as necessary. CC ID 04977 Configuration Preventive
    Enable the CUPS service, as necessary. CC ID 04978 Configuration Preventive
    Enable the hplip service as necessary. CC ID 04979 Configuration Preventive
    Enable the dhcpd service as necessary. CC ID 04980 Configuration Preventive
    Enable the nfslock service as necessary. CC ID 04981 Configuration Preventive
    Enable the rpcgssd service as necessary. CC ID 04982 Configuration Preventive
    Enable the rpcidmapd service as necessary. CC ID 04983 Configuration Preventive
    Enable the rpcsvcgssd service as necessary. CC ID 04985 Configuration Preventive
    Configure root squashing for all NFS shares, as appropriate. CC ID 04986 Configuration Preventive
    Configure write access to NFS shares, as appropriate. CC ID 04987 Configuration Preventive
    Configure the named service, as appropriate. CC ID 04988 Configuration Preventive
    Configure the vsftpd service, as appropriate. CC ID 04989 Configuration Preventive
    Configure the “dovecot” service to organizational standards. CC ID 04990 Configuration Preventive
    Configure Server Message Block (SMB) to organizational standards. CC ID 04991 Configuration Preventive
    Enable the snmpd service as necessary. CC ID 04992 Configuration Preventive
    Enable the calendar manager as necessary. CC ID 04993 Configuration Preventive
    Enable the GNOME logon service as necessary. CC ID 04994 Configuration Preventive
    Enable the WBEM services as necessary. CC ID 04995 Configuration Preventive
    Enable the keyserv service as necessary. CC ID 04996 Configuration Preventive
    Enable the Generic Security Service daemon as necessary. CC ID 04997 Configuration Preventive
    Enable the volfs service as necessary. CC ID 04998 Configuration Preventive
    Enable the smserver service as necessary. CC ID 04999 Configuration Preventive
    Enable the mpxio-upgrade service as necessary. CC ID 05000 Configuration Preventive
    Enable the metainit service as necessary. CC ID 05001 Configuration Preventive
    Enable the meta service as necessary. CC ID 05003 Configuration Preventive
    Enable the metaed service as necessary. CC ID 05004 Configuration Preventive
    Enable the metamh service as necessary. CC ID 05005 Configuration Preventive
    Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 Configuration Preventive
    Enable the Kerberos kadmind service as necessary. CC ID 05007 Configuration Preventive
    Enable the Kerberos krb5kdc service as necessary. CC ID 05008 Configuration Preventive
    Enable the Kerberos kpropd service as necessary. CC ID 05009 Configuration Preventive
    Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 Configuration Preventive
    Enable the sadmin service as necessary. CC ID 05011 Configuration Preventive
    Enable the IPP listener as necessary. CC ID 05012 Configuration Preventive
    Enable the serial port listener as necessary. CC ID 05013 Configuration Preventive
    Enable the Smart Card Helper service as necessary. CC ID 05014 Configuration Preventive
    Enable the Application Management service as necessary. CC ID 05015 Configuration Preventive
    Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 Configuration Preventive
    Enable the Network News Transport Protocol service as necessary. CC ID 05017 Configuration Preventive
    Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 Configuration Preventive
    Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 Configuration Preventive
    Enable the RARP service as necessary. CC ID 05020 Configuration Preventive
    Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 Configuration Preventive
    Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 Configuration Preventive
    Enable the Certificate Services service as necessary. CC ID 05023 Configuration Preventive
    Configure the ATI hotkey poller service properly. CC ID 05024 Configuration Preventive
    Configure the Interix Subsystem Startup service properly. CC ID 05025 Configuration Preventive
    Configure the Cluster Service service properly. CC ID 05026 Configuration Preventive
    Configure the IAS Jet Database Access service properly. CC ID 05027 Configuration Preventive
    Configure the IAS service properly. CC ID 05028 Configuration Preventive
    Configure the IP Version 6 Helper service properly. CC ID 05029 Configuration Preventive
    Configure "Message Queuing service" to organizational standards. CC ID 05030 Configuration Preventive
    Configure the Message Queuing Down Level Clients service properly. CC ID 05031 Configuration Preventive
    Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 Configuration Preventive
    Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 Configuration Preventive
    Configure the Utility Manager service properly. CC ID 05035 Configuration Preventive
    Configure the secondary logon service properly. CC ID 05036 Configuration Preventive
    Configure the Windows Management Instrumentation service properly. CC ID 05037 Configuration Preventive
    Configure the Workstation service properly. CC ID 05038 Configuration Preventive
    Configure the Windows Installer service properly. CC ID 05039 Configuration Preventive
    Configure the Windows System Resource Manager service properly. CC ID 05040 Configuration Preventive
    Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 Configuration Preventive
    Configure the Services for Unix Client for NFS service properly. CC ID 05042 Configuration Preventive
    Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 Configuration Preventive
    Configure the Services for Unix Perl Socket service properly. CC ID 05044 Configuration Preventive
    Configure the Services for Unix User Name Mapping service properly. CC ID 05045 Configuration Preventive
    Configure the Services for Unix Windows Cron service properly. CC ID 05046 Configuration Preventive
    Configure the Windows Media Services service properly. CC ID 05047 Configuration Preventive
    Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 Configuration Preventive
    Configure the Web Element Manager service properly. CC ID 05049 Configuration Preventive
    Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 Configuration Preventive
    Configure the Terminal Services Licensing service properly. CC ID 05051 Configuration Preventive
    Configure the COM+ Event System service properly. CC ID 05052 Configuration Preventive
    Configure the Event Log service properly. CC ID 05053 Configuration Preventive
    Configure the Infrared Monitor service properly. CC ID 05054 Configuration Preventive
    Configure the Services for Unix Server for NFS service properly. CC ID 05055 Configuration Preventive
    Configure the System Event Notification Service properly. CC ID 05056 Configuration Preventive
    Configure the NTLM Security Support Provider service properly. CC ID 05057 Configuration Preventive
    Configure the Performance Logs and Alerts service properly. CC ID 05058 Configuration Preventive
    Configure the Protected Storage service properly. CC ID 05059 Configuration Preventive
    Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 Configuration Preventive
    Configure the Remote Procedure Call service properly. CC ID 05061 Configuration Preventive
    Configure the Removable Storage service properly. CC ID 05062 Configuration Preventive
    Configure the Server service properly. CC ID 05063 Configuration Preventive
    Configure the Security Accounts Manager service properly. CC ID 05064 Configuration Preventive
    Configure the “Network Connections” service to organizational standards. CC ID 05065 Configuration Preventive
    Configure the Logical Disk Manager service properly. CC ID 05066 Configuration Preventive
    Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 Configuration Preventive
    Configure the File Replication service properly. CC ID 05068 Configuration Preventive
    Configure the Kerberos Key Distribution Center service properly. CC ID 05069 Configuration Preventive
    Configure the Intersite Messaging service properly. CC ID 05070 Configuration Preventive
    Configure the Remote Procedure Call locator service properly. CC ID 05071 Configuration Preventive
    Configure the Distributed File System service properly. CC ID 05072 Configuration Preventive
    Configure the Windows Internet Name Service service properly. CC ID 05073 Configuration Preventive
    Configure the FTP Publishing Service properly. CC ID 05074 Configuration Preventive
    Configure the Windows Search service properly. CC ID 05075 Configuration Preventive
    Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 Configuration Preventive
    Configure the Remote Shell service properly. CC ID 05077 Configuration Preventive
    Configure Simple TCP/IP services to organizational standards. CC ID 05078 Configuration Preventive
    Configure the Print Services for Unix service properly. CC ID 05079 Configuration Preventive
    Configure the File Shares service to organizational standards. CC ID 05080 Configuration Preventive
    Configure the NetMeeting service properly. CC ID 05081 Configuration Preventive
    Configure the Application Layer Gateway service properly. CC ID 05082 Configuration Preventive
    Configure the Cryptographic Services service properly. CC ID 05083 Configuration Preventive
    Configure the Help and Support Service properly. CC ID 05084 Configuration Preventive
    Configure the Human Interface Device Access service properly. CC ID 05085 Configuration Preventive
    Configure the IMAPI CD-Burning COM service properly. CC ID 05086 Configuration Preventive
    Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 Configuration Preventive
    Configure the Network Location Awareness service properly. CC ID 05088 Configuration Preventive
    Configure the Portable Media Serial Number Service service properly. CC ID 05089 Configuration Preventive
    Configure the System Restore Service service properly. CC ID 05090 Configuration Preventive
    Configure the Themes service properly. CC ID 05091 Configuration Preventive
    Configure the Uninterruptible Power Supply service properly. CC ID 05092 Configuration Preventive
    Configure the Upload Manager service properly. CC ID 05093 Configuration Preventive
    Configure the Volume Shadow Copy Service properly. CC ID 05094 Configuration Preventive
    Configure the WebClient service properly. CC ID 05095 Configuration Preventive
    Configure the Windows Audio service properly. CC ID 05096 Configuration Preventive
    Configure the Windows Image Acquisition service properly. CC ID 05097 Configuration Preventive
    Configure the WMI Performance Adapter service properly. CC ID 05098 Configuration Preventive
    Enable file uploads via vsftpd service, as appropriate. CC ID 05100 Configuration Preventive
    Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 Configuration Preventive
    Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 Configuration Preventive
    Configure the "xdmcp service" setting to organizational standards. CC ID 08985 Configuration Preventive
    Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494 Configuration Preventive
    Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495 Configuration Preventive
    Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496 Configuration Preventive
    Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136 Configuration Preventive
    Disable Core dumps unless absolutely necessary. CC ID 01507 Configuration Preventive
    Set hard core dump size limits, as appropriate. CC ID 05990 Configuration Preventive
    Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137 Configuration Preventive
    Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138 Configuration Preventive
    Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139 Configuration Preventive
    Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014 Configuration Preventive
    Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015 Configuration Preventive
    Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039 Configuration Preventive
    Enable or disable each user's Screen saver software, as necessary. CC ID 06050 Configuration Preventive
    Disable any unnecessary scripting languages, as necessary. CC ID 12137 Configuration Preventive
    Establish, implement, and maintain the interactive logon settings. CC ID 01739 Establish/Maintain Documentation Preventive
    Configure the system to refrain from completing authentication methods when a security breach is detected. CC ID 13790 Configuration Preventive
    Allow logon to privileged accounts, as appropriate. CC ID 05281 Configuration Preventive
    Verify the logon accounts include an appropriate GECOS identifier, as appropriate. CC ID 05280 Configuration Preventive
    Configure the "/etc/shadow" settings to organizational standards. CC ID 15332 Configuration Preventive
    Set the default su console properly. CC ID 05279 Configuration Preventive
    Set the default logon console properly. CC ID 05278 Configuration Preventive
    Enable or disable local user logon to the vsftpd service, as appropriate. CC ID 05277 Configuration Preventive
    Enable or disable anonymous root logons, as appropriate. CC ID 05276 Configuration Preventive
    Enable or disable interactive logon to non-root system accounts, as necessary. CC ID 05275 Configuration Preventive
    Enable or disable logins through the primary console device, as appropriate. CC ID 05274 Configuration Preventive
    Enable or disable logins through the named virtual console device, as appropriate. CC ID 05273 Configuration Preventive
    Enable or disable logons through the named virtual console interface, as appropriate. CC ID 05272 Configuration Preventive
    Configure the "Interactive logon: Do not display last user name" setting to organizational standards. CC ID 01740 Configuration Preventive
    Configure the "Interactive logon: Do not require CTRL+ALT+DEL" setting. CC ID 01741 Configuration Preventive
    Configure the system logon banner. CC ID 01742 Configuration Preventive
    Configure the system logon banner message title. CC ID 01743 Configuration Preventive
    Configure the "interactive logon: number of previous logons to cache (in case domain controller is not available" setting. CC ID 01744 Configuration Preventive
    Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" setting. CC ID 01746 Configuration Preventive
    Configure the Prompt for password on resume from hibernate / suspend setting. CC ID 04356 Configuration Preventive
    Configure the "Interactive logon: Smart card removal behavior" setting. CC ID 01747 Configuration Preventive
    Configure the "Recovery console: Allow automatic administrative logon" setting. CC ID 01776 Configuration Preventive
    Configure the "Recovery console: Allow floppy copy and access to all drivers and all folders" setting. CC ID 01777 Configuration Preventive
    Configure the system to require an Open Firmware password on system startup. CC ID 04479 Configuration Preventive
    Configure the "Interactive logon: Require removal card" setting. CC ID 06053 Configuration Preventive
    Configure the settings of the system registry and the systems objects (for Windows OS only). CC ID 01781 Configuration Preventive
    Configure ICMP timestamp request responses properly. CC ID 05150 Configuration Preventive
    Configure the Administrators group as the default owner for all new objects. CC ID 01782 Configuration Preventive
    Configure the "System objects: Require case-insensitivity for non-Windows systems" setting. CC ID 01783 Configuration Preventive
    Configure the "System objects: Strengthen default permissions of internal system objects" setting. CC ID 01784 Configuration Preventive
    Configure the system to suppress Dr. Watson Crash dumps. CC ID 01785 Configuration Preventive
    Disable automatic execution of the system debugger. CC ID 01786 Configuration Preventive
    Disable automatic logon. CC ID 01788 Configuration Preventive
    Disable automatic reboots after a Blue Screen of Death. CC ID 01789 Configuration Preventive
    Remove administrative shares on workstations. CC ID 01791 Configuration Preventive
    Configure the system to protect against Browser Spoofing attacks. CC ID 01792 Configuration Preventive
    Configure the system to protect against source-routing spoofing. CC ID 01793 Configuration Preventive
    Configure the system to protect the default gateway network setting. CC ID 01794 Configuration Preventive
    Configure the TCP/IP Dead Gateway Detection as appropriate. CC ID 06025 Configuration Preventive
    Configure the system to ensure ICMP routing via the shortest path first. CC ID 01795 Configuration Preventive
    Configure the system to protect against packet fragmentation. CC ID 01796 Configuration Preventive
    Configure the keep-alive times. CC ID 01797 Configuration Preventive
    Configure the system to protect against malicious Name-Release Attacks. CC ID 01798 Configuration Preventive
    Disable Internet Router Discovery Protocol. CC ID 01799 Configuration Preventive
    Configure the system to protect against SYN Flood attacks. CC ID 01800 Configuration Preventive
    Configure the TCP Maximum half-open sockets. CC ID 01801 Configuration Preventive
    Configure the TCP Maximum half-open retired sockets. CC ID 01802 Configuration Preventive
    Configure the number of dropped connect requests to a set maximum. CC ID 04272 Configuration Preventive
    Enable Internet Protocol Security to protect Kerberos RSVP communication. CC ID 01803 Configuration Preventive
    Configure the system to hide workstations from the network browser listing. CC ID 01804 Configuration Preventive
    Enable the safe DSS search mode. CC ID 01805 Configuration Preventive
    Disable WebDAV basic authentication (sp 2 only). CC ID 01806 Configuration Preventive
    Disable basic authentication over a clear channel (sp 2 only). CC ID 01807 Configuration Preventive
    Enable the usb block storage device policy (sp 2 only). CC ID 01808 Configuration Preventive
    Block the Distributed Transaction Coordinator service and set additional Distributed Transaction Coordinator parameters, if necessary. CC ID 01809 Configuration Preventive
    Set the registry permission for HKLM\Software\Classes. CC ID 02010 Configuration Preventive
    Set the registry permission for HKLM\Software. CC ID 02011 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\NetDDE. CC ID 02012 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\OS/2 Subsystem for NT. CC ID 02013 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands. CC ID 02014 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib. CC ID 02015 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy. CC ID 02016 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. CC ID 02017 Configuration Preventive
    Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies. CC ID 02018 Configuration Preventive
    Set the registry permission for HKLM\System. CC ID 02019 Configuration Preventive
    Set the registry permission for HKLM\System\Clone. CC ID 02020 Configuration Preventive
    Set the registry permission for HKLM\System\ControlSet001. CC ID 02021 Configuration Preventive
    Set the registry permission for HKLM\System\ControlSet00x. CC ID 02022 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg. CC ID 02023 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Control\WMI\Security. CC ID 02024 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Enum. CC ID 02025 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Hardware Profiles. CC ID 02026 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers. CC ID 02027 Configuration Preventive
    Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities. CC ID 02028 Configuration Preventive
    Set the registry permission for HKU\.Default. CC ID 02029 Configuration Preventive
    Set the registry permission for HKU\.Default\Software\Microsoft\NetDDE. CC ID 02030 Configuration Preventive
    Set the registry permission for HKU\.Default\Software\Microsoft\Protected Storage System Provider. CC ID 02031 Configuration Preventive
    Set the registry permission for %SystemDrive%. CC ID 02032 Configuration Preventive
    Enable auditing for HKLM\Software and set its registry permission. CC ID 02033 Configuration Preventive
    Enable auditing for HKLM\System and set its registry permission. CC ID 02034 Configuration Preventive
    Configure the system to a set number of unacknowledged data retransmissions. CC ID 04271 Configuration Preventive
    Configure the system to remap folder types to Notepad. CC ID 04312 Configuration Preventive
    Configure the system to show hidden file types. CC ID 04313 Configuration Preventive
    Configure the "Do not process the legacy run list" setting. CC ID 04322 Configuration Preventive
    Configure the "Do not process the run once list" setting. CC ID 04323 Configuration Preventive
    Configure "Registry policy processing" to organizational standards. CC ID 04324 Configuration Preventive
    Configure the "Restrict Terminal Server users to a single remote session" setting to organizational standards. CC ID 04510 Configuration Preventive
    Configure the "Do not use temporary folders per session" setting to organizational standards. CC ID 04513 Configuration Preventive
    Configure the "Do not delete temp folder upon exit" setting to organizational standards. CC ID 04514 Configuration Preventive
    Configure the "Turn off background refresh of Group Policy" setting to organizational standards. CC ID 04520 Configuration Preventive
    Configure the "Configure Windows NTP Client" setting. CC ID 04522 Configuration Preventive
    Configure the "Disallow installation of printers using kernel-mode drivers" setting to organizational standards. CC ID 04523 Configuration Preventive
    Configure the "Prevent codec download" setting to organizational standards. CC ID 04524 Configuration Preventive
    Verify the Posix registry key does not exist. CC ID 04525 Configuration Preventive
    Configure the Recycle Bin to delete files on assets running Windows Server 2003. CC ID 04526 Configuration Preventive
    Configure the system to allow only administrators with permissions to change the security settings of Distributed Component Object Model objects. CC ID 04529 Configuration Preventive
    Configure the system to allow Distributed Component Object Model calls to be executed only under the calling user's security context. CC ID 04530 Configuration Preventive
    Configure the version string reported by the bind service properly. CC ID 05140 Configuration Preventive
    Enable or disable performing source validation by reverse path, as appropriate. CC ID 05141 Configuration Preventive
    Verify the environment variable "Os2LibPath" exists, as appropriate. CC ID 05142 Configuration Preventive
    Define the path to the Microsoft OS/2 version 1.x library properly. CC ID 05143 Configuration Preventive
    Set the "Specify intranet Microsoft update service location" properly. CC ID 05144 Configuration Preventive
    Set the path to the debugger used for Just-In-Time debugging properly. CC ID 05145 Configuration Preventive
    Set the OS/2 Subsystem location properly. CC ID 05146 Configuration Preventive
    Configure extended TCP reserved ports properly. CC ID 05147 Configuration Preventive
    Enable or disable ICMPv4 redirects, as appropriate. CC ID 05148 Configuration Preventive
    Enable or disable ICMPv6 redirects, as appropriate. CC ID 05149 Configuration Preventive
    Configure ICMP timestamp broadcast request responses properly. CC ID 05151 Configuration Preventive
    Configure Internet Control Message Protocol echo (ping) request responses properly. CC ID 05152 Configuration Preventive
    Configure ICMP netmask request responses properly. CC ID 05153 Configuration Preventive
    Set the registry permission for HKEY_CLASSES_ROOT properly. CC ID 05154 Configuration Preventive
    Set the registry key HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2 properly. CC ID 05155 Configuration Preventive
    Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger properly. CC ID 05156 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command properly. CC ID 05157 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography properly. CC ID 05158 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp properly. CC ID 05159 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile properly. CC ID 05160 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing properly. CC ID 05161 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais properly. CC ID 05162 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell properly. CC ID 05163 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony properly. CC ID 05164 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability properly. CC ID 05165 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell properly. CC ID 05166 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion properly. CC ID 05167 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech properly. CC ID 05168 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC properly. CC ID 05169 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem properly. CC ID 05170 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates properly. CC ID 05171 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports properly. CC ID 05172 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing properly. CC ID 05173 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Policies properly. CC ID 05174 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor properly. CC ID 05175 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT properly. CC ID 05176 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT properly. CC ID 05177 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS properly. CC ID 05178 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions properly. CC ID 05179 Configuration Preventive
    Set the registry permission for HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots properly. CC ID 05180 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager properly. CC ID 05181 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help properly. CC ID 05182 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip properly. CC ID 05183 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing properly. CC ID 05184 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager properly. CC ID 05185 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security properly. CC ID 05186 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP properly. CC ID 05187 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent properly. CC ID 05188 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security properly. CC ID 05189 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security properly. CC ID 05190 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security properly. CC ID 05191 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security properly. CC ID 05192 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security properly. CC ID 05193 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security properly. CC ID 05194 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security properly. CC ID 05195 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security properly. CC ID 05196 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility properly. CC ID 05197 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security properly. CC ID 05198 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security properly. CC ID 05199 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services properly. CC ID 05200 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers properly. CC ID 05201 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network properly. CC ID 05202 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\LSA\Data properly. CC ID 05203 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG properly. CC ID 05204 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 properly. CC ID 05205 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD properly. CC ID 05206 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control properly. CC ID 05207 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem properly. CC ID 05208 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security properly. CC ID 05209 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font properly. CC ID 05210 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog properly. CC ID 05211 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares properly. CC ID 05212 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status properly. CC ID 05213 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Secure properly. CC ID 05214 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups properly. CC ID 05215 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon properly. CC ID 05216 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones properly. CC ID 05217 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping properly. CC ID 05218 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS properly. CC ID 05219 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper properly. CC ID 05220 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility properly. CC ID 05221 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug properly. CC ID 05222 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx properly. CC ID 05223 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce properly. CC ID 05224 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run properly. CC ID 05225 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows properly. CC ID 05226 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure properly. CC ID 05227 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC properly. CC ID 05228 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options properly. CC ID 05229 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole properly. CC ID 05230 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions properly. CC ID 05231 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout properly. CC ID 05232 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex properly. CC ID 05233 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName properly. CC ID 05234 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy properly. CC ID 05235 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule properly. CC ID 05236 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost properly. CC ID 05237 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit properly. CC ID 05238 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList properly. CC ID 05239 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS properly. CC ID 05240 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 properly. CC ID 05241 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes properly. CC ID 05242 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion properly. CC ID 05243 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates properly. CC ID 05244 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows properly. CC ID 05245 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole properly. CC ID 05246 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers properly. CC ID 05247 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies properly. CC ID 05248 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey properly. CC ID 05249 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host properly. CC ID 05250 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings properly. CC ID 05251 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class properly. CC ID 05252 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security properly. CC ID 05253 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache properly. CC ID 05254 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security properly. CC ID 05255 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security properly. CC ID 05256 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt properly. CC ID 05257 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess properly. CC ID 05259 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security properly. CC ID 05260 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security properly. CC ID 05261 Configuration Preventive
    Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries properly. CC ID 05262 Configuration Preventive
    Configure the "audit the %SystemDrive% directory" setting to organizational standards. CC ID 10099 Configuration Preventive
    Configure the "audit the HKEY_LOCAL_MACHINESOFTWARE registry key" setting to organizational standards. CC ID 10100 Configuration Preventive
    Configure the "audit the HKEY_LOCAL_MACHINESYSTEM registry key" setting to organizational standards. CC ID 10101 Configuration Preventive
    Configure the "%ProgramFiles%" directory permissions to organizational standards. CC ID 10102 Configuration Preventive
    Configure the "%ProgramFiles%Resource Kit" directory permissions to organizational standards. CC ID 10103 Configuration Preventive
    Configure the "%ProgramFiles%Resource Pro Kit" directory permissions to organizational standards. CC ID 10104 Configuration Preventive
    Configure the "%SystemDrive%" directory permissions to organizational standards. CC ID 10105 Configuration Preventive
    Configure the "%SystemDrive%AUTOEXEC.BAT" file permissions to organizational standards. CC ID 10106 Configuration Preventive
    Configure the "%SystemDrive%BOOT.INI" file permissions to organizational standards. CC ID 10107 Configuration Preventive
    Configure the "%SystemDrive%CONFIG.SYS" file permissions to organizational standards. CC ID 10108 Configuration Preventive
    Configure the "%SystemDrive%Documents and Settings" file permissions to organizational standards. CC ID 10109 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsAdministrator" directory permissions to organizational standards. CC ID 10110 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsAll Users" directory permissions to organizational standards. CC ID 10111 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsAll UsersDocumentsDrWatson" directory permissions to organizational standards. CC ID 10112 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsAll UsersDocumentsDrWatsondrwtsn32.log" file permissions to organizational standards. CC ID 10113 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsDefault User" directory permissions to organizational standards. CC ID 10114 Configuration Preventive
    Configure the "%SystemDrive%IO.SYS" file permissions to organizational standards. CC ID 10115 Configuration Preventive
    Configure the "%SystemDrive%MSDOS.SYS" file permissions to organizational standards. CC ID 10116 Configuration Preventive
    Configure the "%SystemDrive%NTBOOTDD.SYS" file permissions to organizational standards. CC ID 10117 Configuration Preventive
    Configure the "%SystemDrive%NTDETECT.COM" file permissions to organizational standards. CC ID 10118 Configuration Preventive
    Configure the "%SystemDrive%NTLDR" file permissions to organizational standards. CC ID 10119 Configuration Preventive
    Configure the "%SystemDrive%Temp" directory permissions to organizational standards. CC ID 10120 Configuration Preventive
    Configure the "%SystemDrive%My Download Files" directory permissions to organizational standards. CC ID 10121 Configuration Preventive
    Configure the "%SystemDrive%System Volume Information" file permissions to organizational standards. CC ID 10122 Configuration Preventive
    Configure the "%SystemRoot%" directory permissions to organizational standards. CC ID 10123 Configuration Preventive
    Configure the "%SystemRoot%Driver CacheI386Driver.cab" directory permissions to organizational standards. CC ID 10124 Configuration Preventive
    Configure the "%SystemRoot%$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10125 Configuration Preventive
    Configure the "%SystemRoot%$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10126 Configuration Preventive
    Configure the "%SystemRoot%$NtUninstall*" directories permissions to organizational standards. CC ID 10127 Configuration Preventive
    Configure the "%SystemRoot%CSC" directory permissions to organizational standards. CC ID 10128 Configuration Preventive
    Configure the "%SystemRoot%Debug" directory permissions to organizational standards. CC ID 10129 Configuration Preventive
    Configure the "%SystemRoot%DebugUserMode" directory permissions to organizational standards. CC ID 10130 Configuration Preventive
    Configure the "%SystemRoot% egedit.exe" file permissions to organizational standards. CC ID 10131 Configuration Preventive
    Configure the "%SystemDrive%NTDS" directory permissions to organizational standards. CC ID 10132 Configuration Preventive
    Configure the "%SystemRoot%Offline Web Pages" directory permissions to organizational standards. CC ID 10133 Configuration Preventive
    Configure the "%SystemRoot%Registration" directory permissions to organizational standards. CC ID 10134 Configuration Preventive
    Configure the "%SystemRoot% epair" directory permissions to organizational standards. CC ID 10135 Configuration Preventive
    Configure the "%SystemRoot%security" directory permissions to organizational standards. CC ID 10136 Configuration Preventive
    Configure the "%SystemRoot%SYSVOL" directory permissions to organizational standards. CC ID 10137 Configuration Preventive
    Configure the "%SystemRoot%SYSVOLdomainPolicies" directory permissions to organizational standards. CC ID 10138 Configuration Preventive
    Configure the "%SystemRoot%Temp" directory permissions to organizational standards. CC ID 10139 Configuration Preventive
    Configure the "%SystemRoot%System32" directory permissions to organizational standards. CC ID 10140 Configuration Preventive
    Configure the "%SystemRoot%System32arp.exe" directory permissions to organizational standards. CC ID 10141 Configuration Preventive
    Configure the "%SystemRoot%System32at.exe" file permissions to organizational standards. CC ID 10142 Configuration Preventive
    Configure the "%SystemRoot%System32CONFIG" file permissions to organizational standards. CC ID 10143 Configuration Preventive
    Configure the "%SystemRoot%System32CONFIGAppEvent.evt" file permissions to organizational standards. CC ID 10144 Configuration Preventive
    Configure the "%SystemRoot%System32CONFIG*.evt" file permissions to organizational standards. CC ID 10145 Configuration Preventive
    Configure the "%SystemRoot%System32dllcache" directory permissions to organizational standards. CC ID 10146 Configuration Preventive
    Configure the "%SystemRoot%System32DTCLog" directory permissions to organizational standards. CC ID 10147 Configuration Preventive
    Configure the "%SystemRoot%System32GroupPolicy" directory permissions to organizational standards. CC ID 10148 Configuration Preventive
    Configure the "%SystemRoot%System32ias" directory permissions to organizational standards. CC ID 10149 Configuration Preventive
    Configure the "%SystemRoot%System32Ntbackup.exe" file permissions to organizational standards. CC ID 10150 Configuration Preventive
    Configure the "%SystemRoot%System32NTMSData" directory permissions to organizational standards. CC ID 10151 Configuration Preventive
    Configure the "%SystemRoot%System32Rcp.exe" file permissions to organizational standards. CC ID 10152 Configuration Preventive
    Configure the "%SystemRoot%System32Regedt32.exe" file permissions to organizational standards. CC ID 10153 Configuration Preventive
    Configure the "%SystemRoot%system32ReinstallBackups" directory permissions to organizational standards. CC ID 10154 Configuration Preventive
    Configure the "%SystemRoot%System32Rexec.exe" file permissions to organizational standards. CC ID 10155 Configuration Preventive
    Configure the "%SystemRoot%System32Rsh.exe" file permissions to organizational standards. CC ID 10156 Configuration Preventive
    Configure the "%SystemRoot%System32Secedit.exe" file permissions to organizational standards. CC ID 10157 Configuration Preventive
    Configure the "%SystemRoot%System32Setup" directory permissions to organizational standards. CC ID 10158 Configuration Preventive
    Configure the "%SystemRoot%System32 epl" directory permissions to organizational standards. CC ID 10159 Configuration Preventive
    Configure the "%SystemRoot%System32 eplexport" directory permissions to organizational standards. CC ID 10160 Configuration Preventive
    Configure the "%SystemRoot%System32 eplimport" directory permissions to organizational standards. CC ID 10161 Configuration Preventive
    Configure the "%SystemRoot%System32spoolPrinters" directory permissions to organizational standards. CC ID 10162 Configuration Preventive
    Configure the "%SystemRoot%Tasks" directory permissions to organizational standards. CC ID 10163 Configuration Preventive
    Configure the "%ALL%Program FilesMQSeries" directory permissions to organizational standards. CC ID 10164 Configuration Preventive
    Configure the "%ALL%Program FilesMQSeriesqmggr" directory permissions to organizational standards. CC ID 10165 Configuration Preventive
    Configure the "%SystemDrive%Documents and SettingsAll UsersApplication DataMicrosoftHTML Help ACL" directory permissions to organizational standards. CC ID 10166 Configuration Preventive
    Configure the "%SystemDrive%WINNTSECURITYDatabaseSECEDIT.SDB ACL" directory permissions to organizational standards. CC ID 10167 Configuration Preventive
    Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10168 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWARE" registry key permissions to organizational standards. CC ID 10169 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREClasses" registry key permissions to organizational standards. CC ID 10170 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREClassesRegfileShellOpenCommand" registry key permissions to organizational standards. CC ID 10171 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftNetDDE" registry key permissions to organizational standards. CC ID 10172 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftOS/2 Subsystem for NT" registry key permissions to organizational standards. CC ID 10173 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAsrCommands" registry key permissions to organizational standards. CC ID 10174 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflib" registry key permissions to organizational standards. CC ID 10175 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionGroup Policy" registry key permissions to organizational standards. CC ID 10176 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstaller" registry key permissions to organizational standards. CC ID 10177 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPolicies" registry key permissions to organizational standards. CC ID 10178 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEM" registry key permissions to organizational standards. CC ID 10179 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMclone" registry key permissions to organizational standards. CC ID 10180 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset001" registry key permissions to organizational standards. CC ID 10181 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset002" registry key permissions to organizational standards. CC ID 10182 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset003" registry key permissions to organizational standards. CC ID 10183 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset004" registry key permissions to organizational standards. CC ID 10184 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset005" registry key permissions to organizational standards. CC ID 10185 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset006" registry key permissions to organizational standards. CC ID 10186 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset007" registry key permissions to organizational standards. CC ID 10187 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset008" registry key permissions to organizational standards. CC ID 10188 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset009" registry key permissions to organizational standards. CC ID 10189 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMcontrolset010" registry key permissions to organizational standards. CC ID 10190 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurePipeServerswinreg" registry key permissions to organizational standards. CC ID 10191 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlWmiSecurity" registry key permissions to organizational standards. CC ID 10192 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnum" registry key permissions to organizational standards. CC ID 10193 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetHardware Profiles" registry key permissions to organizational standards. CC ID 10194 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers" registry key permissions to organizational standards. CC ID 10195 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSNMPParametersValidCommunities" registry key permissions to organizational standards. CC ID 10196 Configuration Preventive
    Configure the "HKEY_USERS.DEFAULT " registry key permissions to organizational standards. CC ID 10197 Configuration Preventive
    Configure the "HKEY_USERS.DEFAULTSoftwareMicrosoftNetDDE" registry key permissions to organizational standards. CC ID 10198 Configuration Preventive
    Configure the "HKEY_USERS.DEFAULTSoftwareMicrosoftProtected Storage System Provider" registry key permissions to organizational standards. CC ID 10199 Configuration Preventive
    Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10200 Configuration Preventive
    Configure the "%SystemRoot%System32 unas.exe" file permissions to organizational standards. CC ID 10222 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAEDebugDebugger" registry key to organizational standards. CC ID 10233 Configuration Preventive
    Configure the "%SystemDrive%perflogs" directory permissions to organizational standards. CC ID 10266 Configuration Preventive
    Configure the "%SystemDrive%i386" directory permissions to organizational standards. CC ID 10267 Configuration Preventive
    Configure the "%ProgramFiles%Common FilesSpeechEnginesTTS" directory permissions to organizational standards. CC ID 10268 Configuration Preventive
    Configure the "%SystemRoot%\_default.plf" file permissions to organizational standards. CC ID 10269 Configuration Preventive
    Configure the "%SystemRoot%addins" directory permissions to organizational standards. CC ID 10270 Configuration Preventive
    Configure the "%SystemRoot%appPatch" directory permissions to organizational standards. CC ID 10271 Configuration Preventive
    Configure the "%SystemRoot%clock.avi" file permissions to organizational standards. CC ID 10272 Configuration Preventive
    Configure the "%SystemRoot%Connection Wizard" directory permissions to organizational standards. CC ID 10273 Configuration Preventive
    Configure the "%SystemRoot%Driver Cache" file permissions to organizational standards. CC ID 10274 Configuration Preventive
    Configure the "%SystemRoot%explorer.scf" file permissions to organizational standards. CC ID 10275 Configuration Preventive
    Configure the "%SystemRoot%explorer.exe" file permissions to organizational standards. CC ID 10276 Configuration Preventive
    Configure the "%SystemRoot%Help" directory permissions to organizational standards. CC ID 10277 Configuration Preventive
    Configure the "%SystemRoot%infunregmp2.exe" file permissions to organizational standards. CC ID 10278 Configuration Preventive
    Configure the "%SystemRoot%Java" directory permissions to organizational standards. CC ID 10279 Configuration Preventive
    Configure the "%SystemRoot%mib.bin" file permissions to organizational standards. CC ID 10280 Configuration Preventive
    Configure the "%SystemRoot%msagent" directory permissions to organizational standards. CC ID 10281 Configuration Preventive
    Configure the "%SystemRoot%msdfmap.ini" file permissions to organizational standards. CC ID 10282 Configuration Preventive
    Configure the "%SystemRoot%mui" directory permissions to organizational standards. CC ID 10283 Configuration Preventive
    Configure the "%SystemRoot%security emplates" directory permissions to organizational standards. CC ID 10284 Configuration Preventive
    Configure the "%SystemRoot%speech" directory permissions to organizational standards. CC ID 10285 Configuration Preventive
    Configure the "%SystemRoot%system.ini" file permissions to organizational standards. CC ID 10286 Configuration Preventive
    Configure the "%SystemRoot%systemsetup.inf" file permissions to organizational standards. CC ID 10287 Configuration Preventive
    Configure the "%SystemRoot%systemstdole.tlb" file permissions to organizational standards. CC ID 10288 Configuration Preventive
    Configure the "%SystemRoot% wain_32" directory permissions to organizational standards. CC ID 10289 Configuration Preventive
    Configure the "%SystemRoot%System32cacls.exe" directory permissions to organizational standards. CC ID 10290 Configuration Preventive
    Configure the "%SystemRoot%System32attrib.exe" directory permissions to organizational standards. CC ID 10291 Configuration Preventive
    Configure the "%SystemRoot%System32CatRoot" directory permissions to organizational standards. CC ID 10292 Configuration Preventive
    Configure the "%SystemRoot%System32configsystemprofile" directory permissions to organizational standards. CC ID 10293 Configuration Preventive
    Configure the "%SystemRoot%System32debug.exe" file permissions to organizational standards. CC ID 10294 Configuration Preventive
    Configure the "%SystemRoot%System32dhcp" directory permissions to organizational standards. CC ID 10295 Configuration Preventive
    Configure the "%SystemRoot%System32drivers" directory permissions to organizational standards. CC ID 10296 Configuration Preventive
    Configure the "%SystemRoot%System32eventtriggers.exe" file permissions to organizational standards. CC ID 10297 Configuration Preventive
    Configure the "%SystemRoot%System32edlin.exe" file permissions to organizational standards. CC ID 10298 Configuration Preventive
    Configure the "%SystemRoot%System32eventcreate.exe" file permissions to organizational standards. CC ID 10299 Configuration Preventive
    Configure the "%SystemRoot%System32Export" directory permissions to organizational standards. CC ID 10300 Configuration Preventive
    Configure the "%SystemRoot%System32ipconfig.exe" file permissions to organizational standards. CC ID 10301 Configuration Preventive
    Configure the "%SystemRoot%System32\nslookup.exe" file permissions to organizational standards CC ID 10302 Configuration Preventive
    Configure the "%SystemRoot%System32 etstat.exe" file permissions to organizational standards. CC ID 10303 Configuration Preventive
    Configure the "%SystemRoot%System32 btstat.exe" file permissions to organizational standards. CC ID 10304 Configuration Preventive
    Configure the "%SystemRoot%System32ftp.exe" file permissions to organizational standards. CC ID 10305 Configuration Preventive
    Configure the "%SystemRoot%System32LogFiles" directory permissions to organizational standards. CC ID 10306 Configuration Preventive
    Configure the "%SystemRoot%System32mshta.exe" file permissions to organizational standards. CC ID 10307 Configuration Preventive
    Configure the "%SystemRoot%System32mui" directory permissions to organizational standards. CC ID 10308 Configuration Preventive
    Configure the "%SystemRoot%System32 et.exe" file permissions to organizational standards. CC ID 10309 Configuration Preventive
    Configure the "%SystemRoot%System32 etsh.exe" file permissions to organizational standards. CC ID 10310 Configuration Preventive
    Configure the "%SystemRoot%System32 et1.exe" file permissions to organizational standards. CC ID 10311 Configuration Preventive
    Configure the "%SystemRoot%System32 eg.exe" file permissions to organizational standards. CC ID 10312 Configuration Preventive
    Configure the "%SystemRoot%System32 egini.exe" file permissions to organizational standards. CC ID 10313 Configuration Preventive
    Configure the "%SystemRoot%System32 egsvr32.exe" file permissions to organizational standards. CC ID 10314 Configuration Preventive
    Configure the "%SystemRoot%System32 oute.exe" file permissions to organizational standards. CC ID 10315 Configuration Preventive
    Configure the "%SystemRoot%System32sc.exe" file permissions to organizational standards. CC ID 10316 Configuration Preventive
    Configure the "%SystemRoot%System32ShellExt" directory permissions to organizational standards. CC ID 10317 Configuration Preventive
    Configure the "%SystemRoot%System32subst.exe" file permissions to organizational standards. CC ID 10318 Configuration Preventive
    Configure the "%SystemRoot%System32systeminfo.exe" file permissions to organizational standards. CC ID 10319 Configuration Preventive
    Configure the "%SystemRoot%System32 elnet.exe" file permissions to organizational standards. CC ID 10320 Configuration Preventive
    Configure the "%SystemRoot%System32 ftp.exe" file permissions to organizational standards. CC ID 10321 Configuration Preventive
    Configure the "%SystemRoot%System32wbem" directory permissions to organizational standards. CC ID 10322 Configuration Preventive
    Configure the "%SystemRoot%System32 lntsvr.exe" file permissions to organizational standards. CC ID 10323 Configuration Preventive
    Configure the "%SystemRoot%System32wbemmof" directory permissions to organizational standards. CC ID 10324 Configuration Preventive
    Configure the "%SystemRoot%System32wbem epository" directory permissions to organizational standards. CC ID 10325 Configuration Preventive
    Configure the "%SystemRoot%System32wbemlogs" directory permissions to organizational standards. CC ID 10326 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography" registry key permissions to organizational standards. CC ID 10327 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREClasses.hlp" registry key permissions to organizational standards. CC ID 10328 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREClasseshelpfile" registry key permissions to organizational standards. CC ID 10329 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftTracing" registry key permissions to organizational standards. CC ID 10330 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyCalais" registry key permissions to organizational standards. CC ID 10331 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShell" registry key permissions to organizational standards. CC ID 10332 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony" registry key permissions to organizational standards. CC ID 10333 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionReliability" registry key permissions to organizational standards. CC ID 10334 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerUser Shell" registry key permissions to organizational standards. CC ID 10335 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion" registry key permissions to organizational standards. CC ID 10336 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftSpeech" registry key permissions to organizational standards. CC ID 10337 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTC" registry key permissions to organizational standards. CC ID 10338 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftEventSystem" registry key permissions to organizational standards. CC ID 10339 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftEnterpriseCertificates" registry key permissions to organizational standards. CC ID 10340 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPorts" registry key permissions to organizational standards. CC ID 10341 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftDriver Signing" registry key permissions to organizational standards. CC ID 10342 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREPolicies" registry key permissions to organizational standards. CC ID 10343 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor" registry key permissions to organizational standards. CC ID 10344 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftAdsProvidersWinNT" registry key permissions to organizational standards. CC ID 10345 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftADsProvidersNWCOMPAT" registry key permissions to organizational standards. CC ID 10346 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftADsProvidersNDS" registry key permissions to organizational standards. CC ID 10347 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftADsProvidersLDAPExtensions" registry key permissions to organizational standards. CC ID 10348 Configuration Preventive
    Configure the "HKEY_USERS.DEFAULTSoftwareMicrosoftSystemCertificatesRootProtectedRoots" registry key permissions to organizational standards. CC ID 10349 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager" registry key permissions to organizational standards. CC ID 10350 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsHelp" registry key permissions to organizational standards. CC ID 10351 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpip" registry key permissions to organizational standards. CC ID 10352 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftNon-Driver Signing" registry key permissions to organizational standards. CC ID 10353 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftDeviceManager" registry key permissions to organizational standards. CC ID 10354 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesClipSrvSecurity" registry key permissions to organizational standards. CC ID 10355 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDHCP" registry key permissions to organizational standards. CC ID 10356 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlServiceCurrent" registry key permissions to organizational standards. CC ID 10357 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLogSecurity" registry key permissions to organizational standards. CC ID 10358 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWMISecurity" registry key permissions to organizational standards. CC ID 10359 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeSecurity" registry key permissions to organizational standards. CC ID 10360 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTapiSrvSecurity" registry key permissions to organizational standards. CC ID 10361 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSCardSvrSecurity" registry key permissions to organizational standards. CC ID 10362 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSamssSecurity" registry key permissions to organizational standards. CC ID 10363 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRpcSsSecurity" registry key permissions to organizational standards. CC ID 10364 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetDDEdsdmSecurity" registry key permissions to organizational standards. CC ID 10365 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAccessibility" registry key permissions to organizational standards. CC ID 10366 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceskdcSecurity" registry key permissions to organizational standards. CC ID 10367 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAppMgmtSecurity" registry key permissions to organizational standards. CC ID 10368 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices" registry key permissions to organizational standards. CC ID 10369 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurePipeServers" registry key permissions to organizational standards. CC ID 10370 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNetwork" registry key permissions to organizational standards. CC ID 10371 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAData" registry key permissions to organizational standards. CC ID 10372 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAGBG" registry key permissions to organizational standards. CC ID 10373 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSASkew1" registry key permissions to organizational standards. CC ID 10374 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAJD" registry key permissions to organizational standards. CC ID 10375 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControl" registry key permissions to organizational standards. CC ID 10376 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftwbem" registry key permissions to organizational standards. CC ID 10377 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetDDESecurity" registry key permissions to organizational standards. CC ID 10378 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFont" registry key permissions to organizational standards. CC ID 10379 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLog" registry key permissions to organizational standards. CC ID 10380 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerShares" registry key permissions to organizational standards. CC ID 10381 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREWindows 3.1 Migration Status" registry key permissions to organizational standards. CC ID 10382 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWARESecure" registry key permissions to organizational standards. CC ID 10383 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREProgram Groups" registry key permissions to organizational standards. CC ID 10384 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" registry key permissions to organizational standards. CC ID 10385 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTime Zones" registry key permissions to organizational standards. CC ID 10386 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMapping" registry key permissions to organizational standards. CC ID 10387 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesUPS" registry key permissions to organizational standards. CC ID 10388 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionFontMapper" registry key permissions to organizational standards. CC ID 10389 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionCompatibility" registry key permissions to organizational standards. CC ID 10390 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAEDebug" registry key permissions to organizational standards. CC ID 10391 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnceEx" registry key permissions to organizational standards. CC ID 10392 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce" registry key permissions to organizational standards. CC ID 10393 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun" registry key permissions to organizational standards. CC ID 10394 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows" registry key permissions to organizational standards. CC ID 10395 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecure" registry key permissions to organizational standards. CC ID 10396 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftRPC" registry key permissions to organizational standards. CC ID 10397 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options" registry key permissions to organizational standards. CC ID 10398 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSetupRecoveryConsole" registry key permissions to organizational standards. CC ID 10399 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlProductOptions" registry key permissions to organizational standards. CC ID 10400 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlKeyboard Layout" registry key permissions to organizational standards. CC ID 10401 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlContentIndex" registry key permissions to organizational standards. CC ID 10402 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlComputerName" registry key permissions to organizational standards. CC ID 10403 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionGroup Policy" registry key permissions to organizational standards. CC ID 10404 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSchedule" registry key permissions to organizational standards. CC ID 10405 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost" registry key permissions to organizational standards. CC ID 10406 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSecEdit" registry key permissions to organizational standards. CC ID 10407 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList" registry key permissions to organizational standards. CC ID 10408 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionEFS" registry key permissions to organizational standards. CC ID 10409 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32" registry key permissions to organizational standards. CC ID 10410 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionClasses" registry key permissions to organizational standards. CC ID 10411 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion" registry key permissions to organizational standards. CC ID 10412 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftSystemCertificates" registry key permissions to organizational standards. CC ID 10413 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows" registry key permissions to organizational standards. CC ID 10414 Configuration Preventive
    Configure the "%SystemRoot%Web" directory permissions to organizational standards. CC ID 10415 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle" registry key permissions to organizational standards. CC ID 10416 Configuration Preventive
    Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintPrinters" registry key permissions to organizational standards. CC ID 10417 Configuration Preventive
    Configure the "HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionPolicies" registry key permissions to organizational standards. CC ID 10418 Configuration Preventive
    Apply the appropriate warning message to systems. CC ID 01596 Configuration Preventive
    Create a warning message for standard logon services. CC ID 01597 Configuration Preventive
    Create a warning message for graphical logons. CC ID 01598 Configuration Preventive
    Create a warning message for terminal session logons. CC ID 06564 Configuration Preventive
    Create a warning message for FTP daemon. CC ID 01599 Configuration Preventive
    Create a warning message for telnet daemon. CC ID 01600 Configuration Preventive
    Create a power on warning message. CC ID 01601 Configuration Preventive
    Enable the Kerberos TGT expiration warning, as appropriate. CC ID 05263 Configuration Preventive
    Configure the sendmail greeting properly. CC ID 05264 Configuration Preventive
    Set the Electrically-Erasable Programmable Read-Only Memory warning message properly. CC ID 05265 Configuration Preventive
    Set the warning messages switchpoint distance to an appropriate value. CC ID 05266 Configuration Preventive
    Enable logon authentication management techniques. CC ID 00553
    [{proper use} Ensure the proper management, tracking, and use of connected hardware authentication tokens (if tokens are used). 5.2 Control Objective
    {proper use} Ensure the proper management, tracking, and use of connected hardware authentication tokens (if tokens are used). 5.2 Control Objective]
    Configuration Preventive
    Configure the system to log all access attempts to all systems. CC ID 00554 Configuration Preventive
    Include the date and time that access was granted in the system record. CC ID 15174 Establish/Maintain Documentation Preventive
    Include the access level granted in the system record. CC ID 15173 Establish/Maintain Documentation Preventive
    Include when access is withdrawn in the system record. CC ID 15172 Establish/Maintain Documentation Preventive
    Configure devices and users to re-authenticate, as necessary. CC ID 10609 Configuration Preventive
    Restrict logons by specified source addresses. CC ID 16394 Technical Security Preventive
    Configure the "Lockout Enabled" setting to organizational standards. CC ID 09859 Configuration Preventive
    Prohibit the use of cached authenticators and credentials after a defined period of time. CC ID 10610 Configuration Preventive
    Establish, implement, and maintain authenticators. CC ID 15305 Technical Security Preventive
    Establish, implement, and maintain an authenticator standard. CC ID 01702
    [Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. 4.1 Control Objective]
    Establish/Maintain Documentation Preventive
    Disallow personal data in authenticators. CC ID 13864 Technical Security Preventive
    Establish, implement, and maintain an authenticator management system. CC ID 12031 Establish/Maintain Documentation Preventive
    Establish, implement, and maintain a repository of authenticators. CC ID 16372 Data and Information Management Preventive
    Establish, implement, and maintain authenticator procedures. CC ID 12002 Establish/Maintain Documentation Preventive
    Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127 Technical Security Preventive
    Configure authenticators to comply with organizational standards. CC ID 06412 Configuration Preventive
    Configure the system to require new users to change their authenticator on first use. CC ID 05268 Configuration Preventive
    Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519 Configuration Preventive
    Change the authenticator for shared accounts when the group membership changes. CC ID 14249 Business Processes Corrective
    Configure the system to prevent unencrypted authenticator use. CC ID 04457 Configuration Preventive
    Disable store passwords using reversible encryption. CC ID 01708 Configuration Preventive
    Configure the system to encrypt authenticators. CC ID 06735 Configuration Preventive
    Configure the system to mask authenticators. CC ID 02037 Configuration Preventive
    Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992 Configuration Preventive
    Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717 Establish/Maintain Documentation Preventive
    Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718 Establish/Maintain Documentation Preventive
    Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783 Configuration Preventive
    Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719 Establish/Maintain Documentation Preventive
    Disable machine account password changes. CC ID 01737 Configuration Preventive
    Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720 Establish/Maintain Documentation Preventive
    Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722 Establish/Maintain Documentation Preventive
    Configure the "password reuse" setting to organizational standards. CC ID 08724 Establish/Maintain Documentation Preventive
    Configure the "Disable Remember Password" setting. CC ID 05270 Configuration Preventive
    Configure the "Minimum password age" to organizational standards. CC ID 01703 Configuration Preventive
    Configure the LILO/GRUB password. CC ID 01576 Configuration Preventive
    Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481 Configuration Preventive
    Change the default password to Apple's Keychain. CC ID 04482 Configuration Preventive
    Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483 Configuration Preventive
    Configure the Syskey Encryption Key and associated password. CC ID 05978 Configuration Preventive
    Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505 Configuration Preventive
    Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534 Configuration Preventive
    Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267 Configuration Preventive
    Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269 Configuration Preventive
    Configure the "Send LanMan compatible password" setting. CC ID 05271 Configuration Preventive
    Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993 Configuration Preventive
    Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054 Configuration Preventive
    Set the default folder for BitLocker recovery passwords correctly. CC ID 06055 Configuration Preventive
    Notify affected parties to keep authenticators confidential. CC ID 06787 Behavior Preventive
    Discourage affected parties from recording authenticators. CC ID 06788 Behavior Preventive
    Ensure the root account is the first entry in password files. CC ID 16323 Data and Information Management Detective
    Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721 Establish/Maintain Documentation Preventive
    Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723 Establish/Maintain Documentation Preventive
    Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866 Configuration Preventive
    Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185 Configuration Preventive
    Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187 Configuration Preventive
    Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296 Configuration Preventive
    Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355 Configuration Preventive
    Configure the authenticator display screen to organizational standards. CC ID 13794 Configuration Preventive
    Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 Configuration Preventive
    Configure the authenticator display screen to display the memorized secret as an option. CC ID 13806 Configuration Preventive
    Disseminate and communicate with the end user when a memorized secret entered into an authenticator field matches one found in the memorized secret list. CC ID 13807 Communicate Preventive
    Configure the look-up secret authenticator to dispose of memorized secrets after their use. CC ID 13817 Configuration Corrective
    Configure the memorized secret verifiers to refrain from allowing anonymous users to access memorized secret hints. CC ID 13823 Configuration Preventive
    Configure the system to allow paste functionality for the authenticator field. CC ID 13819 Configuration Preventive
    Configure the system to require successful authentication before an authenticator for a user account is changed. CC ID 13821 Configuration Preventive
    Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 Technical Security Preventive
    Obscure authentication information during the login process. CC ID 15316 Configuration Preventive
    Change authenticators, as necessary. CC ID 15315 Configuration Preventive
    Implement safeguards to protect authenticators from unauthorized access. CC ID 15310 Technical Security Preventive
    Change all default authenticators. CC ID 15309 Configuration Preventive
    Configure each system's security alerts to organizational standards. CC ID 12113 Technical Security Preventive
    Configure the system to issue a security alert when an administrator account is created. CC ID 12122 Configuration Preventive
    Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 Configuration Preventive
    Configure Hypertext Transfer Protocol security headers in accordance with organizational standards. CC ID 16488 Configuration Preventive
    Configure "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to organizational standards. CC ID 15385 Configuration Preventive
    Configure Microsoft Attack Surface Reduction rules in accordance with organizational standards. CC ID 16478 Configuration Preventive
    Configure "Remote host allows delegation of non-exportable credentials" to organizational standards. CC ID 15379 Configuration Preventive
    Configure "Configure enhanced anti-spoofing" to organizational standards. CC ID 15376 Configuration Preventive
    Configure "Block user from showing account details on sign-in" to organizational standards. CC ID 15374 Configuration Preventive
    Configure "Configure Attack Surface Reduction rules" to organizational standards. CC ID 15370 Configuration Preventive
    Configure "Turn on e-mail scanning" to organizational standards. CC ID 15361 Configuration Preventive
    Configure "Prevent users and apps from accessing dangerous websites" to organizational standards. CC ID 15359 Configuration Preventive
    Configure "Enumeration policy for external devices incompatible with Kernel DMA Protection" to organizational standards. CC ID 15352 Configuration Preventive
    Configure "Prevent Internet Explorer security prompt for Windows Installer scripts" to organizational standards. CC ID 15351 Configuration Preventive
    Store state information from applications and software separately. CC ID 14767 Configuration Preventive
    Configure the "aufs storage" to organizational standards. CC ID 14461 Configuration Preventive
    Configure the "AppArmor Profile" to organizational standards. CC ID 14496 Configuration Preventive
    Configure the "device" argument to organizational standards. CC ID 14536 Configuration Preventive
    Configure the "Docker" group ownership to organizational standards. CC ID 14495 Configuration Preventive
    Configure the "Docker" user ownership to organizational standards. CC ID 14505 Configuration Preventive
    Configure "Allow upload of User Activities" to organizational standards. CC ID 15338 Configuration Preventive
    Configure the system to restrict Core dumps to a protected directory. CC ID 01513 Configuration Preventive
    Configure the system to enable Stack protection. CC ID 01514 Configuration Preventive
    Configure the system to restrict NFS client requests to privileged ports. CC ID 01515 Configuration Preventive
    Configure the system to use better TCP Sequence Numbers. CC ID 01516 Configuration Preventive
    Configure the system to a default secure level. CC ID 01519 Configuration Preventive
    Configure the system to block users from viewing un-owned processes. CC ID 01520 Configuration Preventive
    Configure the system to block users from viewing processes in other groups. CC ID 01521 Configuration Preventive
    Add the "nosuid" option to /etc/rmmount.conf. CC ID 01532 Configuration Preventive
    Configure the system to block non-privileged mountd requests. CC ID 01533 Configuration Preventive
    Use host-based or Internet Protocol-based export lists for mountd. CC ID 06887 Configuration Preventive
    Add the "nodev" option to the appropriate partitions in /etc/fstab. CC ID 01534 Configuration Preventive
    Add the "nosuid" option and "nodev" option for removable storage media in the /etc/fstab file. CC ID 01535 Configuration Preventive
    Configure the sticky bit on world-writable directories. CC ID 01540 Configuration Preventive
    Verify system files are not world-writable. CC ID 01546 Technical Security Preventive
    Verify backup directories containing patches are not accessible. CC ID 01547 Technical Security Preventive
    Run hp_checkperms. CC ID 01548 Configuration Preventive
    Run fix-modes. CC ID 01549 Configuration Preventive
    Convert the system to "Trusted Mode", if possible. CC ID 01550 Configuration Preventive
    Configure the sadmind service to a higher Security level. CC ID 01551 Configuration Preventive
    Use host-based or Internet Protocol-based export lists for sadmind. CC ID 06886 Configuration Preventive
    Find files and directories with extended attributes. CC ID 01552 Technical Security Detective
    Configure all.rhosts files to be readable only by their owners. CC ID 01557 Configuration Preventive
    Set the symlink /etc/hosts.equiv file to /dev/null. CC ID 01558 Configuration Preventive
    Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 Configuration Preventive
    Configure the Security Center (Domain PCs only). CC ID 01967 Configuration Preventive
    Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount. CC ID 04276 Configuration Preventive
    Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 Configuration Preventive
    Enable the safe DLL search mode. CC ID 04273 Configuration Preventive
    Configure the computer to stop generating 8.3 filename formats. CC ID 04274 Configuration Preventive
    Configure the system to use certificate rules for software restriction policies. CC ID 04266 Configuration Preventive
    Configure the "Do not allow drive redirection" setting. CC ID 04316 Configuration Preventive
    Configure the "Turn off the 'Publish to Web' task for files and folders" setting. CC ID 04328 Configuration Preventive
    Configure the "Turn off Internet download for Web publishing and online ordering wizards" setting. CC ID 04329 Configuration Preventive
    Configure the "Turn off Search Companion content file updates" setting. CC ID 04331 Configuration Preventive
    Configure the "Turn off printing over HTTP" setting. CC ID 04332 Configuration Preventive
    Configure the "Turn off downloading of print drivers over HTTP" setting. CC ID 04333 Configuration Preventive
    Configure the "Turn off Windows Update device driver searching" setting. CC ID 04334 Configuration Preventive
    Configure the "Display Error Notification" setting to organizational standards. CC ID 04335 Configuration Preventive
    Configure the "Turn off Windows error reporting" setting to organizational standards. CC ID 04336 Configuration Preventive
    Configure the "Disable software update shell notifications on program launch" setting. CC ID 04339 Configuration Preventive
    Configure the "Make proxy settings per-machine (rather than per-user)" setting. CC ID 04341 Configuration Preventive
    Configure the "Security Zones: Do not allow users to add/delete sites" setting. CC ID 04342 Configuration Preventive
    Configure the "Security Zones: Do not allow users to change policies" setting. CC ID 04343 Configuration Preventive
    Configure the "Security Zones: Use only machine settings" setting. CC ID 04344 Configuration Preventive
    Configure the "Allow software to run or install even if the signature is invalid" setting. CC ID 04346 Configuration Preventive
    Configure the "internet explorer processes (scripted window security restrictions)" setting. CC ID 04350 Configuration Preventive
    Configure the "internet explorer processes (zone elevation protection)" setting. CC ID 04351 Configuration Preventive
    Configure the "Prevent access to registry editing tools" setting. CC ID 04355 Configuration Preventive
    Configure the "Do not preserve zone information in file attachments" setting. CC ID 04357 Configuration Preventive
    Configure the "Hide mechanisms to remove zone information" setting. CC ID 04358 Configuration Preventive
    Configure the "Notify antivirus programs when opening attachments" setting. CC ID 04359 Configuration Preventive
    Configure the "Configure Outlook Express" setting. CC ID 04360 Configuration Preventive
    Configure the "Disable Changing Automatic Configuration settings" setting. CC ID 04361 Configuration Preventive
    Configure the "Disable changing certificate settings" setting. CC ID 04362 Configuration Preventive
    Configure the "Disable changing connection settings" setting. CC ID 04363 Configuration Preventive
    Configure the "Disable changing proxy settings" setting. CC ID 04364 Configuration Preventive
    Configure the "Turn on the auto-complete feature for user names and passwords on forms" setting. CC ID 04365 Configuration Preventive
    Configure the NetWare bindery contexts. CC ID 04444 Configuration Preventive
    Configure the NetWare console's SECURE.NCF settings. CC ID 04445 Configuration Preventive
    Configure the CPU Hog Timeout setting. CC ID 04446 Configuration Preventive
    Configure the "Check Equivalent to Me" setting. CC ID 04463 Configuration Preventive
    Configure the /etc/sshd_config file. CC ID 04475 Configuration Preventive
    Configure the .Mac preferences. CC ID 04484 Configuration Preventive
    Configure the Fast User Switching setting. CC ID 04485 Configuration Preventive
    Configure the Recent Items List (servers, applications, documents) setting. CC ID 04486 Configuration Preventive
    Configure Apple's Dock preferences. CC ID 04487 Configuration Preventive
    Configure the "ulimit" to organizational standards. CC ID 14499 Configuration Preventive
    Configure the Energy Saver preferences. CC ID 04488 Configuration Preventive
    Configure the local system search preferences to directories that do not contain restricted data or restricted information. CC ID 04492 Configuration Preventive
    Digitally sign and encrypt e-mail, as necessary. CC ID 04493 Technical Security Preventive
    Manage temporary files, as necessary. CC ID 04847 Technical Security Preventive
    Configure the computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender properly. CC ID 05282 Configuration Preventive
    Enable or disable the ability of users to perform interactive startups, as appropriate. CC ID 05283 Configuration Preventive
    Set the /etc/passwd file's NIS file inclusions properly. CC ID 05284 Configuration Preventive
    Configure the "Turn off Help Ratings" setting. CC ID 05285 Configuration Preventive
    Configure the "Decoy Admin Account Not Disabled" policy properly. CC ID 05286 Configuration Preventive
    Configure the "Additional restrictions for anonymous connections" policy properly. CC ID 05287 Configuration Preventive
    Configure the "Anonymous access to the registry" policy properly. CC ID 05288 Configuration Preventive
    Configure the File System Checker and Popups setting. CC ID 05289 Configuration Preventive
    Configure the System File Checker setting. CC ID 05290 Configuration Preventive
    Configure the System File Checker Progress Meter setting. CC ID 05291 Configuration Preventive
    Configure the Protect Kernel object attributes properly. CC ID 05292 Configuration Preventive
    Configure the "Deleted Cached Copies of Roaming Profiles" policy properly. CC ID 05293 Configuration Preventive
    Verify that the X*.hosts file lists all authorized X-clients. CC ID 05294 Configuration Preventive
    Verify all files are owned by an existing account and group. CC ID 05295 Configuration Preventive
    Verify programs executed through the aliases file are owned by an appropriate user or group. CC ID 05296 Configuration Preventive
    Verify programs executed through the aliases file are stored in a directory with an appropriate owner. CC ID 05297 Configuration Preventive
    Verify the at directory is owned by an appropriate user or group. CC ID 05298 Configuration Preventive
    Verify the at.allow file is owned by an appropriate user or group. CC ID 05299 Configuration Preventive
    Verify the at.deny file is owned by an appropriate user or group. CC ID 05300 Configuration Preventive
    Verify the crontab directories are owned by an appropriate user or group. CC ID 05302 Configuration Preventive
    Verify the cron.allow file is owned by an appropriate user or group. CC ID 05303 Configuration Preventive
    Verify the cron.deny file is owned by an appropriate user or group. CC ID 05304 Configuration Preventive
    Verify crontab files are owned by an appropriate user or group. CC ID 05305 Configuration Preventive
    Verify the /etc/resolv.conf file is owned by an appropriate user or group. CC ID 05306 Configuration Preventive
    Verify the /etc/named.boot file is owned by an appropriate user or group. CC ID 05307 Configuration Preventive
    Verify the /etc/named.conf file is owned by an appropriate user or group. CC ID 05308 Configuration Preventive
    Verify the /var/named/chroot/etc/named.conf file is owned by an appropriate user or group. CC ID 05309 Configuration Preventive
    Verify home directories are owned by an appropriate user or group. CC ID 05310 Configuration Preventive
    Verify the inetd.conf file is owned by an appropriate user or group. CC ID 05311 Configuration Preventive
    Verify /etc/exports are owned by an appropriate user or group. CC ID 05312 Configuration Preventive
    Verify exported files and exported directories are owned by an appropriate user or group. CC ID 05313 Configuration Preventive
    Restrict the exporting of files and directories, as necessary. CC ID 16315 Technical Security Preventive
    Verify the /etc/services file is owned by an appropriate user or group. CC ID 05314 Configuration Preventive
    Verify the /etc/notrouter file is owned by an appropriate user or group. CC ID 05315 Configuration Preventive
    Verify the /etc/samba/smb.conf file is owned by an appropriate user or group. CC ID 05316 Configuration Preventive
    Verify the smbpasswd file and smbpasswd executable are owned by an appropriate user or group. CC ID 05317 Configuration Preventive
    Verify the aliases file is owned by an appropriate user or group. CC ID 05318 Configuration Preventive
    Verify the log file configured to capture critical sendmail messages is owned by an appropriate user or group. CC ID 05319 Log Management Preventive
    Verify Shell files are owned by an appropriate user or group. CC ID 05320 Configuration Preventive
    Verify the snmpd.conf file is owned by an appropriate user or group. CC ID 05321 Configuration Preventive
    Verify the /etc/syslog.conf file is owned by an appropriate user or group. CC ID 05322 Configuration Preventive
    Verify the traceroute executable is owned by an appropriate user or group. CC ID 05323 Configuration Preventive
    Verify the /usr/lib/sendmail file is owned by an appropriate user or group. CC ID 05324 Technical Security Preventive
    Verify the /etc/passwd file is owned by an appropriate user or group. CC ID 05325 Configuration Preventive
    Verify the /etc/shadow file is owned by an appropriate user or group. CC ID 05326 Configuration Preventive
    Verify the /etc/security/audit/config file is owned by an appropriate user or group. CC ID 05327 Configuration Preventive
    Verify the /etc/securit/audit/events file is owned by an appropriate user or group. CC ID 05328 Configuration Preventive
    Verify the /etc/security/audit/objects file is owned by an appropriate user or group. CC ID 05329 Configuration Preventive
    Verify the /usr/lib/trcload file is owned by an appropriate user or group. CC ID 05330 Configuration Preventive
    Verify the /usr/lib/semutil file is owned by an appropriate user or group. CC ID 05331 Configuration Preventive
    Verify system files are owned by an appropriate user or group. CC ID 05332 Configuration Preventive
    Verify the default/skeleton dot files are owned by an appropriate user or group. CC ID 05333 Configuration Preventive
    Verify the global initialization files are owned by an appropriate user or group. CC ID 05334 Configuration Preventive
    Verify the /etc/rc.config.d/auditing file is owned by an appropriate user or group. CC ID 05335 Configuration Preventive
    Verify the /etc/init.d file is owned by an appropriate user or group. CC ID 05336 Configuration Preventive
    Verify the /etc/hosts.lpd file is owned by an appropriate user or group. CC ID 05337 Configuration Preventive
    Verify the /etc/auto.master file is owned by an appropriate user or group. CC ID 05338 Configuration Preventive
    Verify the /etc/auto.misc file is owned by an appropriate user or group. CC ID 05339 Configuration Preventive
    Verify the /etc/auto.net file is owned by an appropriate user or group. CC ID 05340 Configuration Preventive
    Verify the boot/grub/grub.conf file is owned by an appropriate user or group. CC ID 05341 Configuration Preventive
    Verify the /etc/lilo.conf file is owned by an appropriate user or group. CC ID 05342 Configuration Preventive
    Verify the /etc/login.access file is owned by an appropriate user or group. CC ID 05343 Configuration Preventive
    Verify the /etc/security/access.conf file is owned by an appropriate user or group. CC ID 05344 Configuration Preventive
    Verify the /etc/sysctl.conf file is owned by an appropriate user or group. CC ID 05345 Configuration Preventive
    Configure the "secure_redirects" setting to organizational standards. CC ID 09941 Configuration Preventive
    Configure the "icmp_ignore_bogus_error_responses" setting to organizational standards. CC ID 09942 Configuration Preventive
    Configure the "rp_filter" setting to organizational standards. CC ID 09943 Configuration Preventive
    Verify the /etc/securetty file is owned by an appropriate user or group. CC ID 05346 Configuration Preventive
    Verify the /etc/audit/auditd.conf file is owned by an appropriate user or group. CC ID 05347 Configuration Preventive
    Verify the audit.rules file is owned by an appropriate user or group. CC ID 05348 Configuration Preventive
    Verify the /etc/group file is owned by an appropriate user or group. CC ID 05349 Configuration Preventive
    Verify the /etc/gshadow file is owned by an appropriate user or group. CC ID 05350 Configuration Preventive
    Verify the /usr/sbin/userhelper file is owned by an appropriate user or group. CC ID 05351 Configuration Preventive
    Verify all syslog log files are owned by an appropriate user or group. CC ID 05352 Configuration Preventive
    Verify the /etc/anacrontab file is owned by an appropriate user or group. CC ID 05353 Configuration Preventive
    Verify the /etc/pki/tls/ldap file is owned by an appropriate user or group. CC ID 05354 Configuration Preventive
    Verify the /etc/pki/tls/ldap/serverkey.pem file is owned by an appropriate user or group. CC ID 05355 Configuration Preventive
    Verify the /etc/pki/tls/CA/cacert.pem file is owned by an appropriate user or group. CC ID 05356 Configuration Preventive
    Verify the /etc/pki/tls/ldap/servercert.pem file is owned by an appropriate user or group. CC ID 05357 Configuration Preventive
    Verify the var/lib/ldap/* files are owned by an appropriate user or group. CC ID 05358 Configuration Preventive
    Verify the /etc/httpd/conf/* files are owned by an appropriate user or group. CC ID 05359 Configuration Preventive
    Verify the /etc/auto_* file is owned by an appropriate user. CC ID 05360 Configuration Preventive
    Verify the /etc/rmmount.conf file is owned by an appropriate user or group. CC ID 05361 Configuration Preventive
    Verify the /var/log/pamlog log is owned by an appropriate user or group. CC ID 05362 Configuration Preventive
    Verify the /etc/security/audit_control file is owned by an appropriate user or group. CC ID 05363 Configuration Preventive
    Verify the /etc/security/audit_class file is owned by an appropriate user or group. CC ID 05364 Configuration Preventive
    Verify the /etc/security/audit_event file is owned by an appropriate user or group. CC ID 05365 Configuration Preventive
    Verify the ASET userlist file is owned by an appropriate user or group. CC ID 05366 Configuration Preventive
    Verify the /var directory is owned by an appropriate user. CC ID 05367 Configuration Preventive
    Verify the /var/log directory is owned by an appropriate user. CC ID 05368 Configuration Preventive
    Verify the /var/adm directory is owned by an appropriate user. CC ID 05369 Configuration Preventive
    Restrict the debug level daemon logging file owner and daemon debug group owner. CC ID 05370 Configuration Preventive
    Restrict the Cron log file owner and Cron group owner. CC ID 05371 Configuration Preventive
    Restrict the system accounting file owner and system accounting group owner. CC ID 05372 Configuration Preventive
    Restrict audit log file ownership and audit group ownership. CC ID 05373 Configuration Preventive
    Set the X server timeout properly. CC ID 05374 Configuration Preventive
    Configure each user's authentication mechanism (system attribute) properly. CC ID 05375 Configuration Preventive
    Enable or disable SeLinux, as appropriate. CC ID 05376 Configuration Preventive
    Set the SELinux state properly. CC ID 05377 Configuration Preventive
    Set the SELinux policy properly. CC ID 05378 Configuration Preventive
    Configure Dovecot properly. CC ID 05379 Configuration Preventive
    Configure the "Prohibit Access of the Windows Connect Now Wizards" setting. CC ID 05380 Configuration Preventive
    Configure the "Allow remote access to the PnP interface" setting. CC ID 05381 Configuration Preventive
    Configure the "Do not create system restore point when new device driver installed" setting. CC ID 05382 Configuration Preventive
    Configure the "Turn Off Access to All Windows Update Feature" setting. CC ID 05383 Configuration Preventive
    Configure the "Turn Off Automatic Root Certificates Update" setting. CC ID 05384 Configuration Preventive
    Configure the "Turn Off Event Views 'Events.asp' Links" setting. CC ID 05385 Configuration Preventive
    Configure "Turn Off Handwriting Recognition Error Reporting" to organizational standards. CC ID 05386 Configuration Preventive
    Configure the "Turn off Help and Support Center 'Did You Know?' content" setting. CC ID 05387 Configuration Preventive
    Configure the "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting. CC ID 05388 Configuration Preventive
    Configure the "Turn Off Internet File Association Service" setting. CC ID 05389 Configuration Preventive
    Configure the "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting. CC ID 05390 Configuration Preventive
    Configure the "Turn off the 'Order Prints' Picture task" setting. CC ID 05391 Configuration Preventive
    Configure the "Turn Off Windows Movie Maker Online Web Links" setting. CC ID 05392 Configuration Preventive
    Configure the "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting. CC ID 05393 Configuration Preventive
    Configure the "Don't Display the Getting Started Welcome Screen at Logon" setting. CC ID 05394 Configuration Preventive
    Configure the "Turn off Windows Startup Sound" setting. CC ID 05395 Configuration Preventive
    Configure the "Allow only Vista or later connections" setting. CC ID 05396 Configuration Preventive
    Configure the "Turn on bandwidth optimization" setting. CC ID 05397 Configuration Preventive
    Configure the "Prevent IIS Installation" setting. CC ID 05398 Configuration Preventive
    Configure the "Turn off Active Help" setting. CC ID 05399 Configuration Preventive
    Configure the "Turn off Untrusted Content" setting. CC ID 05400 Configuration Preventive
    Configure the "Turn off downloading of enclosures" setting. CC ID 05401 Configuration Preventive
    Configure "Allow indexing of encrypted files" to organizational standards. CC ID 05402 Configuration Preventive
    Configure the "Prevent indexing uncached Exchange folders" setting. CC ID 05403 Configuration Preventive
    Configure the "Turn off Windows Calendar" setting. CC ID 05404 Configuration Preventive
    Configure the "Turn off Windows Defender" setting. CC ID 05405 Configuration Preventive
    Configure the "Turn off Heap termination on corruption" setting to organizational standards. CC ID 05406 Configuration Preventive
    Configure the "Turn off shell protocol protected mode" setting to organizational standards. CC ID 05407 Configuration Preventive
    Configure the "Prohibit non-administrators from applying vendor signed updates" setting. CC ID 05408 Configuration Preventive
    Configure the "Report when logon server was not available during user logon" setting. CC ID 05409 Configuration Preventive
    Configure the "Turn off the communication features" setting. CC ID 05410 Configuration Preventive
    Configure the "Turn off Windows Mail application" setting. CC ID 05411 Configuration Preventive
    Configure the "Prevent Windows Media DRM Internet Access" setting. CC ID 05412 Configuration Preventive
    Configure the "Turn off Windows Meeting Space" setting. CC ID 05413 Configuration Preventive
    Configure the "Turn on Windows Meeting Space auditing" setting. CC ID 05414 Configuration Preventive
    Configure the "Disable unpacking and installation of gadgets that are not digitally signed" setting. CC ID 05415 Configuration Preventive
    Configure the "Override the More Gadgets Link" setting. CC ID 05416 Configuration Preventive
    Configure the "Turn Off User Installed Windows Sidebar Gadgets" setting. CC ID 05417 Configuration Preventive
    Configure the "Do not allow Digital Locker to run" setting. CC ID 05418 Configuration Preventive
    Configure the "Turn off Downloading of Game Information" setting. CC ID 05419 Configuration Preventive
    Configure "Turn on Responder (RSPNDR) driver" to organizational standards. CC ID 05420 Configuration Preventive
    Verify ExecShield has been randomly placed in Virtual Memory regions. CC ID 05436 Configuration Preventive
    Enable the ExecShield, as appropriate. CC ID 05421 Configuration Preventive
    Configure Kernel support for the XD/NX processor feature, as appropriate. CC ID 05422 Configuration Preventive
    Configure the XD/NX processor feature in the BIOS, as appropriate. CC ID 05423 Configuration Preventive
    Configure the Shell for the bin account properly. CC ID 05424 Configuration Preventive
    Configure the Shell for the nuucp account properly. CC ID 05425 Configuration Preventive
    Configure the Shell for the smmsp account properly. CC ID 05426 Configuration Preventive
    Configure the Shell for the listen account properly. CC ID 05427 Configuration Preventive
    Configure the Shell for the gdm account properly. CC ID 05428 Configuration Preventive
    Configure the Shell for the webservd account properly. CC ID 05429 Configuration Preventive
    Configure the Shell for the nobody account properly. CC ID 05430 Configuration Preventive
    Configure the Shell for the noaccess account properly. CC ID 05431 Configuration Preventive
    Configure the Shell for the nobody4 account properly. CC ID 05432 Configuration Preventive
    Configure the Shell for the adm account properly. CC ID 05433 Configuration Preventive
    Configure the Shell for the lp account properly. CC ID 05434 Configuration Preventive
    Configure the Shell for the uucp account properly. CC ID 05435 Configuration Preventive
    Set the noexec_user_stack parameter properly. CC ID 05437 Configuration Preventive
    Set the no_exec_user_stack_log parameter properly. CC ID 05438 Configuration Preventive
    Set the noexec_user_stack flag on the user stack properly. CC ID 05439 Configuration Preventive
    Set the TCP max connection limit properly. CC ID 05440 Configuration Preventive
    Set the TCP abort interval properly. CC ID 05441 Configuration Preventive
    Enable or disable the GNOME screenlock, as appropriate. CC ID 05442 Configuration Preventive
    Set the ARP cache cleanup interval properly. CC ID 05443 Configuration Preventive
    Set the ARP IRE scan rate properly. CC ID 05444 Configuration Preventive
    Disable proxy ARP on all interfaces. CC ID 06570 Configuration Preventive
    Set the FileSpaceSwitch variable to an appropriate value. CC ID 05445 Configuration Preventive
    Set the wakeup switchpoint frequency to an appropriate time interval. CC ID 05446 Configuration Preventive
    Enable or disable the setuid option on removable storage media, as appropriate. CC ID 05447 Configuration Preventive
    Configure TCP/IP PMTU Discovery, as appropriate. CC ID 05991 Configuration Preventive
    Configure Secure Shell to enable or disable empty passwords, as appropriate. CC ID 06016 Configuration Preventive
    Configure each user's Screen Saver Executable Name. CC ID 06027 Configuration Preventive
    Configure the NIS+ server to operate at an appropriate security level. CC ID 06038 Configuration Preventive
    Configure the "restrict guest access to system log" policy, as appropriate. CC ID 06047 Configuration Preventive
    Configure the "Block saving of Open XML file types" setting, as appropriate. CC ID 06048 Configuration Preventive
    Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards. CC ID 06051 Configuration Preventive
    Configure the "Syskey mode" to organizational standards. CC ID 06052 Configuration Preventive
    Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate. CC ID 06056 Configuration Preventive
    Configure the "Allow Remote Shell Access" setting, as appropriate. CC ID 06057 Configuration Preventive
    Configure the "Prevent the computer from joining a homegroup" setting, as appropriate. CC ID 06058 Configuration Preventive
    Enable or disable the authenticator requirement after waking, as appropriate. CC ID 06059 Configuration Preventive
    Enable or disable the standby states, as appropriate. CC ID 06060 Configuration Preventive
    Configure the Trusted Platform Module startup options properly. CC ID 06061 Configuration Preventive
    Configure the system to purge Policy Caches. CC ID 06569 Configuration Preventive
    Separate authenticator files and application system data on different file systems. CC ID 06790 Configuration Preventive
    Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit. CC ID 06811 Configuration Preventive
    Configure the "all world-writable directories" user ownership to organizational standards. CC ID 08714 Establish/Maintain Documentation Preventive
    Configure the "all rsyslog log" files group ownership to organizational standards. CC ID 08715 Establish/Maintain Documentation Preventive
    Configure the "all rsyslog log" files user ownership to organizational standards. CC ID 08716 Establish/Maintain Documentation Preventive
    Configure the "Executable stack" setting to organizational standards. CC ID 08969 Configuration Preventive
    Configure the "smbpasswd executable" user ownership to organizational standards. CC ID 08975 Configuration Preventive
    Configure the "traceroute executable" group ownership to organizational standards. CC ID 08980 Configuration Preventive
    Configure the "traceroute executable" user ownership to organizational standards. CC ID 08981 Configuration Preventive
    Configure the "Apache configuration" directory group ownership to organizational standards. CC ID 08991 Configuration Preventive
    Configure the "Apache configuration" directory user ownership to organizational standards. CC ID 08992 Configuration Preventive
    Configure the "/var/log/httpd/" file group ownership to organizational standards. CC ID 09027 Configuration Preventive
    Configure the "/etc/httpd/conf.d" file group ownership to organizational standards. CC ID 09028 Configuration Preventive
    Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards. CC ID 09029 Configuration Preventive
    Configure the "/usr/sbin/apachectl" file group ownership to organizational standards. CC ID 09030 Configuration Preventive
    Configure the "/usr/sbin/httpd" file group ownership to organizational standards. CC ID 09031 Configuration Preventive
    Configure the "/var/www/html" file group ownership to organizational standards. CC ID 09032 Configuration Preventive
    Configure the "log files" the "/var/log/httpd/" directory user ownership to organizational standards. CC ID 09034 Configuration Preventive
    Configure the "/etc/httpd/conf.d" file ownership to organizational standards. CC ID 09035 Configuration Preventive
    Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards. CC ID 09036 Configuration Preventive
    Configure the "/usr/sbin/apachectl" file ownership to organizational standards. CC ID 09037 Configuration Preventive
    Configure the "/usr/sbin/httpd" file ownership to organizational standards. CC ID 09038 Configuration Preventive
    Configure the "/var/www/html" file ownership to organizational standards. CC ID 09039 Configuration Preventive
    Configure the "httpd.conf" file user ownership to organizational standards. CC ID 09055 Configuration Preventive
    Configure the "httpd.conf" group ownership to organizational standards. CC ID 09056 Configuration Preventive
    Configure the "htpasswd" file user ownership to organizational standards. CC ID 09058 Configuration Preventive
    Configure the "htpasswd" file group ownership to organizational standards. CC ID 09059 Configuration Preventive
    Configure the "files specified by CustomLog" user ownership to organizational standards. CC ID 09074 Configuration Preventive
    Configure the "files specified by CustomLog" group ownership to organizational standards. CC ID 09075 Configuration Preventive
    Configure the "files specified by ErrorLog" user ownership to organizational standards. CC ID 09076 Configuration Preventive
    Configure the "files specified by ErrorLog" group ownership to organizational standards. CC ID 09077 Configuration Preventive
    Configure the "directories specified by ScriptAlias" user ownership to organizational standards. CC ID 09079 Configuration Preventive
    Configure the "directories specified by ScriptAlias" group ownership to organizational standards. CC ID 09080 Configuration Preventive
    Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards. CC ID 09082 Configuration Preventive
    Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards. CC ID 09083 Configuration Preventive
    Configure the "directories specified by DocumentRoot" user ownership to organizational standards. CC ID 09085 Configuration Preventive
    Configure the "directories specified by DocumentRoot" group ownership to organizational standards. CC ID 09086 Configuration Preventive
    Configure the "directories specified by Alias" user ownership to organizational standards. CC ID 09088 Configuration Preventive
    Configure the "directories specified by Alias" group ownership to organizational standards. CC ID 09089 Configuration Preventive
    Configure the "directories specified by ServerRoot" user ownership to organizational standards. CC ID 09091 Configuration Preventive
    Configure the "directories specified by ServerRoot" group ownership to organizational standards. CC ID 09092 Configuration Preventive
    Configure the "apache /bin" directory user ownership to organizational standards. CC ID 09094 Configuration Preventive
    Configure the "apache /bin" directory group ownership to organizational standards. CC ID 09095 Configuration Preventive
    Configure the "apache /logs" directory user ownership to organizational standards. CC ID 09097 Configuration Preventive
    Configure the "apache /logs" directory group ownership to organizational standards. CC ID 09098 Configuration Preventive
    Configure the "apache /htdocs" directory user ownership to organizational standards. CC ID 09100 Configuration Preventive
    Configure the "apache /htdocs" directory group ownership to organizational standards. CC ID 09101 Configuration Preventive
    Configure the "apache /cgi-bin" directory group ownership to organizational standards. CC ID 09104 Configuration Preventive
    Configure the "User-specific directories" setting to organizational standards. CC ID 09123 Configuration Preventive
    Configure the "apache process ID" file user ownership to organizational standards. CC ID 09125 Configuration Preventive
    Configure the "apache process ID" file group ownership to organizational standards. CC ID 09126 Configuration Preventive
    Configure the "apache scoreboard" file user ownership to organizational standards. CC ID 09128 Configuration Preventive
    Configure the "apache scoreboard" file group ownership to organizational standards. CC ID 09129 Configuration Preventive
    Configure the "Ownership of the asymmetric keys" setting to organizational standards. CC ID 09289 Configuration Preventive
    Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards. CC ID 09326 Configuration Preventive
    Configure the "SQLServerADHelperUser" registry key permissions to organizational standards. CC ID 09329 Configuration Preventive
    Configure the "Tomcat home" directory user ownership to organizational standards. CC ID 09772 Configuration Preventive
    Configure the "group" setting for the "Tomcat installation" to organizational standards. CC ID 09773 Configuration Preventive
    Configure the "tomcat conf/" directory user ownership to organizational standards. CC ID 09774 Configuration Preventive
    Configure the "tomcat conf/" directory group ownership to organizational standards. CC ID 09775 Configuration Preventive
    Configure the "tomcat-users.xml" file user ownership to organizational standards. CC ID 09776 Configuration Preventive
    Configure the "tomcat-users.xml" file group ownership to organizational standards. CC ID 09777 Configuration Preventive
    Configure the "group membership" setting for "Tomcat" to organizational standards. CC ID 09793 Configuration Preventive
    Configure the "Tomcat home" directory group ownership to organizational standards. CC ID 09798 Configuration Preventive
    Configure the "Tomcat home/conf/" directory user ownership to organizational standards. CC ID 09800 Configuration Preventive
    Configure the "Tomcat home/conf/" directory group ownership to organizational standards. CC ID 09801 Configuration Preventive
    Configure the "system" files permissions to organizational standards. CC ID 09922 Configuration Preventive
    Configure the "size limit" setting for the "application log" to organizational standards. CC ID 10063 Configuration Preventive
    Configure the "restrict guest access to security log" setting to organizational standards. CC ID 10064 Configuration Preventive
    Configure the "size limit" setting for the "system log" to organizational standards. CC ID 10065 Configuration Preventive
    Configure the "Automatic Update service" setting to organizational standards. CC ID 10066 Configuration Preventive
    Configure the "Safe DLL Search Mode" setting to organizational standards. CC ID 10067 Configuration Preventive
    Configure the "screensaver" setting to organizational standards. CC ID 10068 Configuration Preventive
    Configure the "screensaver" setting for the "default" user to organizational standards. CC ID 10069 Configuration Preventive
    Configure the "Enable User Control Over Installs" setting to organizational standards. CC ID 10070 Configuration Preventive
    Configure the "Enable User to Browser for Source While Elevated" setting to organizational standards. CC ID 10071 Configuration Preventive
    Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards. CC ID 10072 Configuration Preventive
    Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards. CC ID 10073 Configuration Preventive
    Configure the "Enable User to Patch Elevated Products" setting to organizational standards. CC ID 10074 Configuration Preventive
    Configure the "Cache Transforms in Secure Location" setting to organizational standards. CC ID 10075 Configuration Preventive
    Configure the "Disable Media Player for automatic updates" setting to organizational standards. CC ID 10076 Configuration Preventive
    Configure the "Internet access for Windows Messenger" setting to organizational standards. CC ID 10077 Configuration Preventive
    Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards. CC ID 10078 Configuration Preventive
    Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards. CC ID 10079 Configuration Preventive
    Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards. CC ID 10080 Configuration Preventive
    Configure "Set time limit for disconnected sessions" to organizational standards. CC ID 10081 Configuration Preventive
    Configure the "Set time limit for idle sessions" setting to organizational standards. CC ID 10082 Configuration Preventive
    Configure the "Enable Keep-Alive Messages" setting to organizational standards. CC ID 10083 Configuration Preventive
    Configure the "Automatic Updates detection frequency" setting to organizational standards. CC ID 10084 Configuration Preventive
    Configure the "TCPMaxPortsExhausted" setting to organizational standards. CC ID 10085 Configuration Preventive
    Configure the "built-in Administrator" account to organizational standards. CC ID 10086 Configuration Preventive
    Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards. CC ID 10087 Configuration Preventive
    Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards. CC ID 10088 Configuration Preventive
    Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards. CC ID 10089 Configuration Preventive
    Configure the "warning level" setting for the "audit log" to organizational standards. CC ID 10090 Configuration Preventive
    Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards. CC ID 10091 Configuration Preventive
    Configure the "account description" setting for the "built-in Administrator" account to organizational standards. CC ID 10092 Configuration Preventive
    Configure the "Decoy Admin Account Not Disabled" setting to organizational standards. CC ID 10201 Configuration Preventive
    Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards. CC ID 10202 Configuration Preventive
    Configure the "password filtering DLL" setting to organizational standards. CC ID 10203 Configuration Preventive
    Configure the "Anonymous access to the registry" setting to organizational standards. CC ID 10204 Configuration Preventive
    Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards. CC ID 10205 Configuration Preventive
    Configure the "CD-ROM Autorun" setting to organizational standards. CC ID 10206 Configuration Preventive
    Configure the "ResetBrowser Frames" setting to organizational standards. CC ID 10207 Configuration Preventive
    Configure the "Dr. Watson Crash Dumps" setting to organizational standards. CC ID 10208 Configuration Preventive
    Configure the "File System Checker and Popups" setting to organizational standards. CC ID 10209 Configuration Preventive
    Configure the "System File Checker" setting to organizational standards. CC ID 10210 Configuration Preventive
    Configure the "System File Checker Progress Meter" setting to organizational standards. CC ID 10211 Configuration Preventive
    Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards. CC ID 10212 Configuration Preventive
    Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards. CC ID 10213 Configuration Preventive
    Configure the "Protect Kernel object attributes" setting to organizational standards. CC ID 10214 Configuration Preventive
    Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards. CC ID 10215 Configuration Preventive
    Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards. CC ID 10216 Configuration Preventive
    Configure the "Local volumes" setting to organizational standards. CC ID 10217 Configuration Preventive
    Configure the "Unused USB Ports" setting to organizational standards. CC ID 10218 Configuration Preventive
    Configure the "Set Safe for Scripting" setting to organizational standards. CC ID 10219 Configuration Preventive
    Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards. CC ID 10220 Configuration Preventive
    Configure the "Membership in the Power Users group" setting to organizational standards. CC ID 10224 Configuration Preventive
    Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards. CC ID 10225 Configuration Preventive
    Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards. CC ID 10226 Configuration Preventive
    Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards. CC ID 10227 Configuration Preventive
    Configure the "Syskey Encryption Key location and password method" setting to organizational standards. CC ID 10228 Configuration Preventive
    Configure the "Os2LibPath environmental variable" setting to organizational standards. CC ID 10229 Configuration Preventive
    Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards. CC ID 10230 Configuration Preventive
    Configure the "location of the OS/2 subsystem" setting to organizational standards. CC ID 10231 Configuration Preventive
    Configure the "location of the POSIX subsystem" setting to organizational standards. CC ID 10232 Configuration Preventive
    Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards. CC ID 10234 Configuration Preventive
    Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards. CC ID 10235 Configuration Preventive
    Configure the "The "encryption algorithm" setting for "EFS"" setting to organizational standards. CC ID 10236 Configuration Preventive
    Configure the "Interix Subsystem Startup service startup type" setting to organizational standards. CC ID 10238 Configuration Preventive
    Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards. CC ID 10247 Configuration Preventive
    Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards. CC ID 10248 Configuration Preventive
    Configure the "fDisableCdm" setting to organizational standards. CC ID 10259 Configuration Preventive
    Configure the "fDisableClip" setting to organizational standards. CC ID 10260 Configuration Preventive
    Configure the "Inheritance of the shadow setting" setting to organizational standards. CC ID 10261 Configuration Preventive
    Configure the "remote control configuration" setting to organizational standards. CC ID 10262 Configuration Preventive
    Configure the "fDisableCam" setting to organizational standards. CC ID 10263 Configuration Preventive
    Configure the "fDisableCcm" setting to organizational standards. CC ID 10264 Configuration Preventive
    Configure the "fDisableLPT" setting to organizational standards. CC ID 10265 Configuration Preventive
    Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards. CC ID 10691 Configuration Preventive
    Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards. CC ID 10694 Configuration Preventive
    Configure the "Administratively assigned offline files" setting to organizational standards. CC ID 10695 Configuration Preventive
    Configure the "Apply policy to removable media" setting to organizational standards. CC ID 10756 Configuration Preventive
    Configure the "Baseline file cache maximum size" setting to organizational standards. CC ID 10763 Configuration Preventive
    Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards. CC ID 10770 Configuration Preventive
    Configure the "Check published state" setting to organizational standards. CC ID 10771 Configuration Preventive
    Configure the "Communities" setting to organizational standards. CC ID 10772 Configuration Preventive
    Configure the "Computer location" setting to organizational standards. CC ID 10773 Configuration Preventive
    Configure the "Background Sync" setting to organizational standards. CC ID 10775 Configuration Preventive
    Configure the "Corporate Windows Error Reporting" setting to organizational standards. CC ID 10777 Configuration Preventive
    Configure the "Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10778 Configuration Preventive
    Configure the "Default consent" setting to organizational standards. CC ID 10780 Configuration Preventive
    Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards. CC ID 10792 Configuration Preventive
    Configure the "Microsoft SpyNet Reporting" setting to organizational standards. CC ID 10794 Configuration Preventive
    Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10795 Configuration Preventive
    Configure the "Reliability WMI Providers" setting to organizational standards. CC ID 10804 Configuration Preventive
    Configure the "Report Archive" setting to organizational standards. CC ID 10805 Configuration Preventive
    Configure the "Report Queue" setting to organizational standards. CC ID 10806 Configuration Preventive
    Configure the "root certificate clean up" setting to organizational standards. CC ID 10807 Configuration Preventive
    Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards. CC ID 10816 Configuration Preventive
    Configure the "list of blocked TPM commands" setting to organizational standards. CC ID 10822 Configuration Preventive
    Configure the "refresh interval for Server Manager" setting to organizational standards. CC ID 10823 Configuration Preventive
    Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards. CC ID 10824 Configuration Preventive
    Configure the "Customize consent settings" setting to organizational standards. CC ID 10837 Configuration Preventive
    Configure the "Default behavior for AutoRun" setting to organizational standards. CC ID 10839 Configuration Preventive
    Configure the "Define Activation Security Check exemptions" setting to organizational standards. CC ID 10841 Configuration Preventive
    Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards. CC ID 10842 Configuration Preventive
    Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards. CC ID 10843 Configuration Preventive
    Configure the "Delay Restart for scheduled installations" setting to organizational standards. CC ID 10844 Configuration Preventive
    Configure the "Delete cached copies of roaming profiles" setting to organizational standards. CC ID 10845 Configuration Preventive
    Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards. CC ID 10847 Configuration Preventive
    Configure the "Diagnostics: Configure scenario retention" setting to organizational standards. CC ID 10857 Configuration Preventive
    Configure the "Directory pruning interval" setting to organizational standards. CC ID 10858 Configuration Preventive
    Configure the "Directory pruning priority" setting to organizational standards. CC ID 10859 Configuration Preventive
    Configure the "Directory pruning retry" setting to organizational standards. CC ID 10860 Configuration Preventive
    Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards. CC ID 10882 Configuration Preventive
    Configure the "Display Shutdown Event Tracker" setting to organizational standards. CC ID 10888 Configuration Preventive
    Configure the "Display string when smart card is blocked" setting to organizational standards. CC ID 10889 Configuration Preventive
    Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards. CC ID 10924 Configuration Preventive
    Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards. CC ID 10925 Configuration Preventive
    Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards. CC ID 10932 Configuration Preventive
    Configure the "Do not send additional data" machine setting should be configured correctly. to organizational standards. CC ID 10934 Configuration Preventive
    Configure the "Domain Controller Address Type Returned" setting to organizational standards. CC ID 10939 Configuration Preventive
    Configure the "Domain Location Determination URL" setting to organizational standards. CC ID 10940 Configuration Preventive
    Configure the "Don't set the always do this checkbox" setting to organizational standards. CC ID 10941 Configuration Preventive
    Configure the "Download missing COM components" setting to organizational standards. CC ID 10942 Configuration Preventive
    Configure the "Dynamic Update" setting to organizational standards. CC ID 10944 Configuration Preventive
    Configure the "Enable client-side targeting" setting to organizational standards. CC ID 10946 Configuration Preventive
    Configure the "Enable NTFS pagefile encryption" setting to organizational standards. CC ID 10948 Configuration Preventive
    Configure the "Enable Persistent Time Stamp" setting to organizational standards. CC ID 10949 Configuration Preventive
    Configure the "Enable Transparent Caching" setting to organizational standards. CC ID 10950 Configuration Preventive
    Configure the "Enable Windows NTP Client" setting to organizational standards. CC ID 10951 Configuration Preventive
    Configure the "Enable Windows NTP Server" setting to organizational standards. CC ID 10952 Configuration Preventive
    Configure the "Encrypt the Offline Files cache" setting to organizational standards. CC ID 10955 Configuration Preventive
    Configure the "Enforce upgrade component rules" setting to organizational standards. CC ID 10958 Configuration Preventive
    Configure the "Events.asp program" setting to organizational standards. CC ID 10959 Configuration Preventive
    Configure the "Events.asp program command line parameters" setting to organizational standards. CC ID 10960 Configuration Preventive
    Configure the "Events.asp URL" setting to organizational standards. CC ID 10961 Configuration Preventive
    Configure the "Exclude credential providers" setting to organizational standards. CC ID 10962 Configuration Preventive
    Configure the "Exclude files from being cached" setting to organizational standards. CC ID 10963 Configuration Preventive
    Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10968 Configuration Preventive
    Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards. CC ID 10973 Configuration Preventive
    Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards. CC ID 10974 Configuration Preventive
    Configure the "Force Rediscovery Interval" setting to organizational standards. CC ID 10975 Configuration Preventive
    Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards. CC ID 10976 Configuration Preventive
    Configure the "Force the reading of all certificates from the smart card" setting to organizational standards. CC ID 10977 Configuration Preventive
    Configure the "ForwarderResourceUsage" setting to organizational standards. CC ID 10978 Configuration Preventive
    Configure the "Global Configuration Settings" setting to organizational standards. CC ID 10979 Configuration Preventive
    Configure the "Hash Publication for BranchCache" setting to organizational standards. CC ID 10986 Configuration Preventive
    Configure the "Hide entry points for Fast User Switching" setting to organizational standards. CC ID 10987 Configuration Preventive
    Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards. CC ID 10988 Configuration Preventive
    Configure the "Hide previous versions list for local files" setting to organizational standards. CC ID 10989 Configuration Preventive
    Configure the "Hide previous versions of files on backup location" setting to organizational standards. CC ID 10991 Configuration Preventive
    Configure the "Ignore custom consent settings" setting to organizational standards. CC ID 10992 Configuration Preventive
    Configure the "Ignore Delegation Failure" setting to organizational standards. CC ID 10993 Configuration Preventive
    Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards. CC ID 10994 Configuration Preventive
    Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards. CC ID 10995 Configuration Preventive
    Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards. CC ID 10996 Configuration Preventive
    Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10997 Configuration Preventive
    Configure the "IP-HTTPS State" setting to organizational standards. CC ID 11000 Configuration Preventive
    Configure the "ISATAP Router Name" setting to organizational standards. CC ID 11001 Configuration Preventive
    Configure the "ISATAP State" setting to organizational standards. CC ID 11002 Configuration Preventive
    Configure the "License server security group" setting to organizational standards. CC ID 11005 Configuration Preventive
    Configure the "List of applications to be excluded" setting to organizational standards. CC ID 11023 Configuration Preventive
    Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards. CC ID 11025 Configuration Preventive
    Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards. CC ID 11039 Configuration Preventive
    Configure the "MaxConcurrentUsers" setting to organizational standards. CC ID 11040 Configuration Preventive
    Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards. CC ID 11041 Configuration Preventive
    Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards. CC ID 11045 Configuration Preventive
    Configure the "Negative DC Discovery Cache Setting" setting to organizational standards. CC ID 11047 Configuration Preventive
    Configure the "Non-conforming packets" setting to organizational standards. CC ID 11053 Configuration Preventive
    Configure the "Notify blocked drivers" setting to organizational standards. CC ID 11054 Configuration Preventive
    Configure the "Notify user of successful smart card driver installation" setting to organizational standards. CC ID 11055 Configuration Preventive
    Configure the "Permitted Managers" setting to organizational standards. CC ID 11062 Configuration Preventive
    Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards. CC ID 11063 Configuration Preventive
    Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards. CC ID 11064 Configuration Preventive
    Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards. CC ID 11098 Configuration Preventive
    Configure the "Prompt for credentials on the client computer" setting to organizational standards. CC ID 11108 Configuration Preventive
    Configure the "Propagation of extended error information" setting to organizational standards. CC ID 11110 Configuration Preventive
    Configure the "Register PTR Records" setting to organizational standards. CC ID 11121 Configuration Preventive
    Configure the "Registration Refresh Interval" setting to organizational standards. CC ID 11122 Configuration Preventive
    Configure the "Remove Program Compatibility Property Page" setting to organizational standards. CC ID 11128 Configuration Preventive
    Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards. CC ID 11129 Configuration Preventive
    Configure the "Remove Windows Security item from Start menu" setting to organizational standards. CC ID 11130 Configuration Preventive
    Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards. CC ID 11131 Configuration Preventive
    Configure the "Require secure RPC communication" setting to organizational standards. CC ID 11134 Configuration Preventive
    Configure the "Require strict KDC validation" setting to organizational standards. CC ID 11135 Configuration Preventive
    Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards. CC ID 11148 Configuration Preventive
    Configure the "RPC Troubleshooting State Information" setting to organizational standards. CC ID 11150 Configuration Preventive
    Configure the "Run shutdown scripts visible" setting to organizational standards. CC ID 11152 Configuration Preventive
    Configure the "Run startup scripts asynchronously" setting to organizational standards. CC ID 11153 Configuration Preventive
    Configure the "Run startup scripts visible" setting to organizational standards. CC ID 11154 Configuration Preventive
    Configure the "Scavenge Interval" setting to organizational standards. CC ID 11158 Configuration Preventive
    Configure the "Server Authentication Certificate Template" setting to organizational standards. CC ID 11170 Configuration Preventive
    Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards. CC ID 11172 Configuration Preventive
    Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards. CC ID 11173 Configuration Preventive
    Configure the "Set compression algorithm for RDP data" setting to organizational standards. CC ID 11174 Configuration Preventive
    Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards. CC ID 11177 Configuration Preventive
    Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards. CC ID 11178 Configuration Preventive
    Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards. CC ID 11180 Configuration Preventive
    Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards. CC ID 11184 Configuration Preventive
    Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards. CC ID 11186 Configuration Preventive
    Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards. CC ID 11189 Configuration Preventive
    Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards. CC ID 11191 Configuration Preventive
    Configure the "Set the SMTP Server used to send notifications" setting to organizational standards. CC ID 11192 Configuration Preventive
    Configure the "Set timer resolution" setting to organizational standards. CC ID 11196 Configuration Preventive
    Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards. CC ID 11199 Configuration Preventive
    Configure the "Short name creation options" setting to organizational standards. CC ID 11200 Configuration Preventive
    Configure the "Site Name" setting to organizational standards. CC ID 11201 Configuration Preventive
    Configure the "Specify a default color" setting to organizational standards. CC ID 11208 Configuration Preventive
    Configure the "Specify idle Timeout" setting to organizational standards. CC ID 11210 Configuration Preventive
    Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards. CC ID 11211 Configuration Preventive
    Configure the "Specify maximum number of processes per Shell" setting to organizational standards. CC ID 11212 Configuration Preventive
    Configure the "Specify Shell Timeout" setting to organizational standards. CC ID 11216 Configuration Preventive
    Configure the "Specify Windows installation file location" setting to organizational standards. CC ID 11225 Configuration Preventive
    Configure the "Specify Windows Service Pack installation file location" setting to organizational standards. CC ID 11226 Configuration Preventive
    Configure the "SSL Cipher Suite Order" setting to organizational standards. CC ID 11227 Configuration Preventive
    Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards. CC ID 11230 Configuration Preventive
    Configure the "Sysvol share compatibility" setting to organizational standards. CC ID 11231 Configuration Preventive
    Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards. CC ID 11232 Configuration Preventive
    Configure the "Teredo Client Port" setting to organizational standards. CC ID 11236 Configuration Preventive
    Configure the "Teredo Default Qualified" setting to organizational standards. CC ID 11237 Configuration Preventive
    Configure the "Teredo Refresh Rate" setting to organizational standards. CC ID 11238 Configuration Preventive
    Configure the "Teredo Server Name" setting to organizational standards. CC ID 11239 Configuration Preventive
    Configure the "Teredo State" setting to organizational standards. CC ID 11240 Configuration Preventive
    Configure the "Time (in seconds) to force reboot" setting to organizational standards. CC ID 11242 Configuration Preventive
    Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards. CC ID 11243 Configuration Preventive
    Configure the "Timeout for fast user switching events" setting to organizational standards. CC ID 11244 Configuration Preventive
    Configure the "Traps for public community" setting to organizational standards. CC ID 11246 Configuration Preventive
    Configure the "Trusted Hosts" setting to organizational standards. CC ID 11249 Configuration Preventive
    Configure the "Try Next Closest Site" setting to organizational standards. CC ID 11250 Configuration Preventive
    Configure the "TTL Set in the A and PTR records" setting to organizational standards. CC ID 11251 Configuration Preventive
    Configure the "Turn on Accounting for WSRM" setting to organizational standards. CC ID 11333 Configuration Preventive
    Configure the "Turn on BranchCache" setting to organizational standards. CC ID 11334 Configuration Preventive
    Configure the "Turn on certificate propagation from smart card" setting to organizational standards. CC ID 11335 Configuration Preventive
    Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards. CC ID 11336 Configuration Preventive
    Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards. CC ID 11337 Configuration Preventive
    Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards. CC ID 11338 Configuration Preventive
    Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards. CC ID 11339 Configuration Preventive
    Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards. CC ID 11342 Configuration Preventive
    Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards. CC ID 11346 Configuration Preventive
    Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards. CC ID 11347 Configuration Preventive
    Configure the "Turn on root certificate propagation from smart card" setting to organizational standards. CC ID 11349 Configuration Preventive
    Configure the "Turn on Software Notifications" setting to organizational standards. CC ID 11352 Configuration Preventive
    Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards. CC ID 11356 Configuration Preventive
    Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards. CC ID 11359 Configuration Preventive
    Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards. CC ID 11360 Configuration Preventive
    Configure the "Use IP Address Redirection" setting to organizational standards. CC ID 11361 Configuration Preventive
    Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards. CC ID 11362 Configuration Preventive
    Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards. CC ID 11363 Configuration Preventive
    Configure the "Verbose vs normal status messages" setting to organizational standards. CC ID 11368 Configuration Preventive
    Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards. CC ID 11369 Configuration Preventive
    Configure the "Windows Scaling Heuristics State" setting to organizational standards. CC ID 11372 Configuration Preventive
    Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards. CC ID 11375 Configuration Preventive
    Configure the "display a banner before authentication" setting for "LightDM" to organizational standards. CC ID 11385 Configuration Preventive
    Configure the "shadow" group to organizational standards. CC ID 11386 Configuration Preventive
    Configure the "AppArmor" setting to organizational standards. CC ID 11387 Configuration Preventive
    Configure knowledge-based authentication tools in accordance with organizational standards. CC ID 13740 Configuration Preventive
    Configure the session timeout for the knowledge-based authentication tool used for the identity proofing process according to organizational standards. CC ID 13754 Configuration Preventive
    Configure the knowledge-based authentication tool to restart after a session timeout. CC ID 13753 Configuration Preventive
    Configure the number of attempts allowed to complete the knowledge-based authentication in the knowledge-based authentication tool. CC ID 13751 Configuration Preventive
    Disable or configure the e-mail server, as necessary. CC ID 06563 Configuration Preventive
    Configure e-mail servers to enable receiver-side verification. CC ID 12223 Configuration Preventive
    Configure the e-mail server to prevent it from listening to external interfaces. CC ID 01561 Configuration Preventive
    Configure the "Local-Only Mode" setting for the "Mail Transfer Agent" to organizational standards. CC ID 09940 Configuration Preventive
    Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538 Configuration Preventive
    Configure Windows User Account Control in accordance with organizational standards. CC ID 16437 Configuration Preventive
    Configure the at.allow file with the users who are permitted to use the at facility, as appropriate. CC ID 06005 Configuration Preventive
    Configure the /etc/xinetd.conf file group permissions, as appropriate. CC ID 05994 Configuration Preventive
    Create the default adduser.conf file. CC ID 01581 Configuration Preventive
    Remove unnecessary accounts. CC ID 16476 Technical Security Corrective
    Configure user accounts. CC ID 07036 Configuration Preventive
    Configure account expiration parameters on active accounts. CC ID 01580 Configuration Preventive
    Change default usernames, as necessary. CC ID 14661 Configuration Corrective
    Remove unnecessary default accounts. CC ID 01539 Configuration Preventive
    Disable or delete shared User IDs. CC ID 12478 Configuration Corrective
    Verify that no UID 0 accounts exist other than root. CC ID 01585 Configuration Detective
    Disable or delete generic user IDs. CC ID 12479 Configuration Corrective
    Disable all unnecessary user identifiers. CC ID 02185 Configuration Preventive
    Remove unnecessary user credentials. CC ID 16409 Configuration Preventive
    Remove the root user as appropriate. CC ID 01582 Configuration Preventive
    Disable or remove the null account. CC ID 06572 Configuration Preventive
    Change default accounts. CC ID 16468 Process or Activity Preventive
    Configure accounts with administrative privilege. CC ID 07033 Configuration Preventive
    Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 Technical Security Preventive
    Disable root logons or limit the logons to the system console. CC ID 01573 Configuration Preventive
    Encrypt non-console administrative access. CC ID 00883 Configuration Preventive
    Invoke a strong encryption method before requesting an authenticator. CC ID 11986 Technical Security Preventive
    Configure the default group for the root user. CC ID 01586 Configuration Preventive
    Rename or disable the Administrator Account. CC ID 01721 Configuration Preventive
    Create a backup administrator account. CC ID 04497 Configuration Preventive
    Configure the general user ID parameters. CC ID 02186 Configuration Preventive
    Configure the Master user ID parameters inside the Site Management Complex. CC ID 02187 Configuration Preventive
    Configure the subadministrators user ID parameters. CC ID 02188 Configuration Preventive
    Configure the user account expiration date. CC ID 07101 Configuration Preventive
    Configure User Rights. CC ID 07034 Configuration Preventive
    Configure the "Access this computer from the network" User Right. CC ID 01834 Configuration Preventive
    Configure the "Act as a part of the operating system" User Right. CC ID 01835 Configuration Preventive
    Configure the "Add workstations to domain" User Right setting to organizational standards. CC ID 01836 Configuration Preventive
    Configure the "Adjust memory quotas for a process" User Right. CC ID 01837 Configuration Preventive
    Configure the "Allow log on through Terminal Services" User Right setting to organizational standards. CC ID 01838 Configuration Preventive
    Configure the "Back up files and directories" User Right. CC ID 01839 Configuration Preventive
    Configure the "Bypass traverse checking" User Right. CC ID 01840 Configuration Preventive
    Configure the "Change the system time" User Right. CC ID 01841 Configuration Preventive
    Configure the "Change the time zone" User Right. CC ID 04382 Configuration Preventive
    Configure the "Create a pagefile" User Right. CC ID 01842 Configuration Preventive
    Configure the "Create a token object" User Right. CC ID 01843 Configuration Preventive
    Configure the "Create permanent shared objects" User Right. CC ID 01844 Configuration Preventive
    Configure the "Debug programs" User Right. CC ID 01845 Configuration Preventive
    Configure the "Deny access to this computer from the network" User Right. CC ID 01846 Configuration Preventive
    Configure the "Deny log on as a batch job" User Right setting to organizational standards. CC ID 01847 Configuration Preventive
    Configure the "Deny log on as a service" User Right setting to organizational standards. CC ID 01848 Configuration Preventive
    Configure the "Deny log on locally" User Right setting to organizational standards. CC ID 01849 Configuration Preventive
    Configure the "Deny log on through Terminal Service" User Right setting to organizational standards. CC ID 01850 Configuration Preventive
    Configure the "Enable computer and user accounts to be trusted for delegation" User Right. CC ID 01851 Configuration Preventive
    Configure the "Force shutdown from a remote system" User Right. CC ID 01852 Configuration Preventive
    Configure the "Generate security audits" User Right. CC ID 01853 Configuration Preventive
    Configure the "Increase scheduling priority" User Right. CC ID 01854 Configuration Preventive
    Configure the "Load and unload device drivers" User Right. CC ID 01855 Configuration Preventive
    Configure the "Lock pages in memory" User Right. CC ID 01856 Configuration Preventive
    Configure the "Lock Inactive User Accounts" setting to organizational standards. CC ID 09921 Configuration Preventive
    Configure the "Log on as a batch job" User Right. CC ID 01857 Configuration Preventive
    Configure the "Log on as a service" User Right. CC ID 01858 Configuration Preventive
    Configure the "Allow log on locally" User Right setting to organizational standards. CC ID 01859 Configuration Preventive
    Configure the "Manage auditing and security log" User Right. CC ID 01860 Configuration Preventive
    Configure the "Modify firmware environment values" User Right. CC ID 01861 Configuration Preventive
    Configure the "Perform volume maintenance tasks" User Right. CC ID 01862 Configuration Preventive
    Configure the "Profile single process" User Right. CC ID 01863 Configuration Preventive
    Configure the "Profile system performance" User Right. CC ID 01864 Configuration Preventive
    Configure the "Remove computer from docking station" User Right. CC ID 01865 Configuration Preventive
    Configure the "Replace a process level token" User Right. CC ID 01866 Configuration Preventive
    Configure the "Restore files and directories" User Right. CC ID 01867 Configuration Preventive
    Configure the "Shut down the system" User Right. CC ID 01868 Configuration Preventive
    Configure the "Synchronize directory service data" User Right setting to organizational standards. CC ID 01869 Configuration Preventive
    Configure the "Take ownership of files or other objects" User Right. CC ID 01870 Configuration Preventive
    Configure the "Create global objects" User Right. CC ID 04383 Configuration Preventive
    Configure the "Create symbolic links" User Right. CC ID 04384 Configuration Preventive
    Configure the "Impersonate a client after authentication" User Right. CC ID 04385 Configuration Preventive
    Configure the "Increase a process working set" User Right. CC ID 04386 Configuration Preventive
    Configure file permissions and directory permissions to organizational standards. CC ID 07035 Configuration Preventive
    Configure "SYSVOL" to organizational standards. CC ID 15398 Configuration Preventive
    Configure the Cron log file permissions, as appropriate. CC ID 05998 Configuration Preventive
    Configure the "docker.service" file ownership to organizational standards. CC ID 14477 Configuration Preventive
    Establish and verify the file permissions for the passwd files, the shadow files, and the group files. CC ID 01537 Technical Security Preventive
    Verify uneven file permissions and uneven directory permissions do not occur, except on the WWW directory. CC ID 02159 Configuration Preventive
    Configure the "/dev/kmem" file permissions to organizational standards. CC ID 05449 Configuration Preventive
    Configure the "/dev/mem" file permissions to organizational standards. CC ID 05450 Configuration Preventive
    Configure the "/dev/null" file permissions to organizational standards. CC ID 05451 Configuration Preventive
    Configure the "resolv.conf" file permissions to organizational standards. CC ID 05452 Configuration Preventive
    Configure the "/etc/named.conf" file permissions to organizational standards. CC ID 05453 Configuration Preventive
    Configure the "/etc/group" file permissions to organizational standards. CC ID 05454 Configuration Preventive
    Set the /etc/exports file file permissions properly. CC ID 05455 Configuration Preventive
    Set the /usr/bin/at file file permissions properly. CC ID 05456 Configuration Preventive
    Configure the "/usr/bin/rdist" file permissions to organizational standards. CC ID 05457 Configuration Preventive
    Configure the "/usr/sbin/sync" file permissions to organizational standards. CC ID 05458 Configuration Preventive
    Configure the "aliases" file permissions to organizational standards. CC ID 05460 Configuration Preventive
    Set the file permissions for log file that is configured to capture critical sendmail messages properly. CC ID 05461 Log Management Preventive
    Set the file permissions for all files executed through /etc/aliases file entries properly. CC ID 05462 Configuration Preventive
    Configure the "/bin/csh" file permissions to organizational standards. CC ID 05463 Configuration Preventive
    Configure the "/bin/jsh" file permissions to organizational standards. CC ID 05464 Configuration Preventive
    Configure the "/bin/ksh" file permissions to organizational standards. CC ID 05465 Configuration Preventive
    Configure the "/bin/sh" file permissions to organizational standards. CC ID 05466 Configuration Preventive
    Configure the "/bin/bash" file permissions to organizational standards. CC ID 05467 Configuration Preventive
    Configure the "/sbin/csh" file permissions to organizational standards. CC ID 05468 Configuration Preventive
    Configure the "/sbin/jsh" file permissions to organizational standards. CC ID 05469 Configuration Preventive
    Configure the "/sbin/ksh" file permissions to organizational standards. CC ID 05470 Configuration Preventive
    Configure the "/sbin/sh" file permissions to organizational standards. CC ID 05471 Configuration Preventive
    Configure the "/sbin/bash" file permissions to organizational standards. CC ID 05472 Configuration Preventive
    Configure the "/usr/bin/csh" file permissions to organizational standards. CC ID 05473 Configuration Preventive
    Configure the "/usr/bin/jsh" file permissions to organizational standards. CC ID 05474 Configuration Preventive
    Configure the "/usr/bin/ksh" file permissions to organizational standards. CC ID 05475 Configuration Preventive
    Configure the "/usr/bin/sh" file permissions to organizational standards. CC ID 05476 Configuration Preventive
    Configure the "/usr/bin/bash" file permissions to organizational standards. CC ID 05477 Configuration Preventive
    Configure the "snmpd.conf" file permissions to organizational standards. CC ID 05478 Configuration Preventive
    Configure the "/tmp" file permissions to organizational standards. CC ID 05479 Configuration Preventive
    Configure the "/usr/tmp" file permissions to organizational standards. CC ID 05480 Configuration Preventive
    Configure the ".Xauthority" file permissions to organizational standards. CC ID 05481 Configuration Preventive
    Configure the "/etc/aliases" file permissions to organizational standards. CC ID 05482 Configuration Preventive
    Configure the "/etc/csh" file permissions to organizational standards. CC ID 05483 Configuration Preventive
    Configure the "/etc/default/docker" file permissions to organizational standards. CC ID 14487 Configuration Preventive
    Configure the "/etc/default/docker" file ownership to organizational standards. CC ID 14484 Configuration Preventive
    Configure the "/etc/default/*" file permissions to organizational standards. CC ID 05484 Configuration Preventive
    Configure the "/etc/docker" directory permissions to organizational standards. CC ID 14470 Configuration Preventive
    Configure the "/etc/docker" directory ownership to organizational standards. CC ID 14469 Configuration Preventive
    Set the file permissions for /etc/default/login properly. CC ID 05485 Configuration Preventive
    Configure the "/etc/gshadow" file permissions to organizational standards. CC ID 05486 Configuration Preventive
    Configure the "/etc/host.lpd" file permissions to organizational standards. CC ID 05487 Configuration Preventive
    Configure the "/etc/hostname*" file permissions to organizational standards. CC ID 05488 Configuration Preventive
    Configure the "/etc/hosts" file permissions to organizational standards. CC ID 05489 Configuration Preventive
    Set the /etc/inetd.conf file file permissions properly. CC ID 05490 Configuration Preventive
    Configure the "/etc/issue" file permissions to organizational standards. CC ID 05491 Configuration Preventive
    Configure the "/etc/jsh" file permissions to organizational standards. CC ID 05492 Configuration Preventive
    Configure the "/etc/kubernetes/pki/*.crt" file permissions to organizational standards. CC ID 14562 Configuration Preventive
    Configure the "/etc/kubernetes/pki/*.key" file permissions to organizational standards. CC ID 14557 Configuration Preventive
    Configure the "/etc/kubernetes/pki" file ownership to organizational standards. CC ID 14555 Configuration Preventive
    Configure the "/etc/ksh" file permissions to organizational standards. CC ID 05493 Configuration Preventive
    Configure the "/etc/mail/aliases" file permissions to organizational standards. CC ID 05494 Configuration Preventive
    Configure the "/etc/motd" file permissions to organizational standards. CC ID 05495 Configuration Preventive
    Configure the "/etc/netconfig" file permissions to organizational standards. CC ID 05496 Configuration Preventive
    Configure the "/etc/notrouter" file permissions to organizational standards. CC ID 05497 Configuration Preventive
    Configure the "/etc/passwd" file permissions to organizational standards. CC ID 05498 Configuration Preventive
    Configure the "/etc/security" file permissions to organizational standards. CC ID 05499 Configuration Preventive
    Configure the "/etc/services" file permissions to organizational standards. CC ID 05500 Configuration Preventive
    Configure the "/etc/sysconfig/docker" file ownership to organizational standards. CC ID 14491 Configuration Preventive
    Configure the "/etc/sh" file permissions to organizational standards. CC ID 05501 Configuration Preventive
    Configure the "/etc/sysconfig/docker" file permissions to organizational standards. CC ID 14486 Configuration Preventive
    Configure the "/etc/shadow" file permissions to organizational standards. CC ID 05502 Configuration Preventive
    Configure the "docker.socket" file ownership to organizational standards. CC ID 14472 Configuration Preventive
    Configure the "/etc/syslog.conf" file permissions to organizational standards. CC ID 05503 Configuration Preventive
    Configure the "/etc/fstab" file permissions to organizational standards. CC ID 05504 Configuration Preventive
    Configure the "docker.socket" file permissions to organizational standards. CC ID 14468 Configuration Preventive
    Configure the "/var/adm/messages" file permissions to organizational standards. CC ID 05505 Configuration Preventive
    Configure the "/var/adm/sulog" file permissions to organizational standards. CC ID 05506 Configuration Preventive
    Configure the "/var/adm/utmp" file permissions to organizational standards. CC ID 05507 Configuration Preventive
    Configure the "/var/adm/wtmp" file permissions to organizational standards. CC ID 05508 Configuration Preventive
    Configure the "/var/adm/authlog" file permissions to organizational standards. CC ID 05509 Configuration Preventive
    Configure the "/var/adm/syslog" file permissions to organizational standards. CC ID 05510 Configuration Preventive
    Configure the "/var/mail" file permissions to organizational standards. CC ID 05511 Configuration Preventive
    Configure the "/var/tmp" file permissions to organizational standards. CC ID 05512 Configuration Preventive
    Configure the "/usr/lib/pt_chmod" file permissions to organizational standards. CC ID 05513 Configuration Preventive
    Configure the "/usr/lib/embedded_us" file permissions to organizational standards. CC ID 05514 Configuration Preventive
    Configure the "/usr/kerberos/bin/rsh" file permissions to organizational standards. CC ID 05515 Configuration Preventive
    Configure the "/var/spool/mail" file permissions to organizational standards. CC ID 05516 Configuration Preventive
    Configure the "smbpasswd" file permissions to organizational standards. CC ID 05517 Configuration Preventive
    Configure the "/usr/lib/sendmail" file permissions to organizational standards. CC ID 05518 Configuration Preventive
    Set the /etc/security/audit/config file file permissions properly. CC ID 05519 Configuration Preventive
    Set the /etc/security/audit/events file file permissions properly. CC ID 05520 Configuration Preventive
    Set the /etc/security/audit/objects file file permissions properly. CC ID 05521 Configuration Preventive
    Set the /usr/lib/trcload file file permissions properly. CC ID 05522 Configuration Preventive
    Set the /usr/lib/semutil file file permissions properly. CC ID 05523 Configuration Preventive
    Set the /etc/rc.config.d/auditing file file permissions properly. CC ID 05524 Configuration Preventive
    Configure the "/etc/init.d" file permissions to organizational standards. CC ID 05525 Configuration Preventive
    Set the /etc/hosts.lpd file file permissions properly. CC ID 05526 Configuration Preventive
    Configure the "/etc/pam.conf" file permissions to organizational standards. CC ID 05527 Configuration Preventive
    Configure the "/boot/grub/grub.conf" file permissions to organizational standards. CC ID 05528 Configuration Preventive
    Configure the "/etc/grub.conf" file permissions to organizational standards. CC ID 05529 Configuration Preventive
    Configure the "/etc/lilo.conf" file permissions to organizational standards. CC ID 05530 Configuration Preventive
    Set the file permissions for /etc/login.access properly. CC ID 05531 Configuration Preventive
    Configure the "docker.service" file permissions to organizational standards. CC ID 14479 Configuration Preventive
    Configure the "/etc/security/access.conf" file permissions to organizational standards. CC ID 05532 Configuration Preventive
    Configure the "/etc/sysctl.conf" file permissions to organizational standards. CC ID 05533 Configuration Preventive
    Configure the "/etc/securetty" file permissions to organizational standards. CC ID 05534 Configuration Preventive
    Configure the "/etc/audit/auditd.conf" file permissions to organizational standards. CC ID 05535 Configuration Preventive
    Configure the "audit.rules" file permissions to organizational standards. CC ID 05536 Configuration Preventive
    Set the /usr/sbin/userhelper file file permissions properly. CC ID 05537 Configuration Preventive
    Set the file permissions for all syslog log files properly. CC ID 05538 Configuration Preventive
    Set the /etc/anacrontab file file permissions properly. CC ID 05543 Configuration Preventive
    Set the /etc/pki/tls/CA/cacert.pem file file permissions properly. CC ID 05544 Configuration Preventive
    Set the /etc/pki/tls/ldap/serverkey.pem file file permissions properly. CC ID 05545 Configuration Preventive
    Set the /etc/pki/tls/ldap/servercert.pem file file permissions properly. CC ID 05546 Configuration Preventive
    Set the /etc/pki/tls/ldap file file permissions properly. CC ID 05547 Configuration Preventive
    Set the /etc/httpd/conf file file permissions properly. CC ID 05548 Configuration Preventive
    Set the /etc/httpd/conf/* file file permissions properly. CC ID 05549 Configuration Preventive
    Set the /usr/sbin/httpd file file permissions properly. CC ID 05550 Configuration Preventive
    Set the /var/log/httpd file file permissions properly. CC ID 05551 Configuration Preventive
    Set the daemon debug log file file permissions properly. CC ID 05552 Configuration Preventive
    Set the Cron log file file permissions properly. CC ID 05553 Configuration Preventive
    Set the file permissions for system accounting properly. CC ID 05554 Configuration Preventive
    Set the /etc/dfs file file permissions properly. CC ID 05555 Configuration Preventive
    Set the /etc/fs file permissions properly. CC ID 05556 Configuration Preventive
    Set the /etc/ufs file file permissions properly. CC ID 05557 Configuration Preventive
    Set the /etc/vfstab file file permissions properly. CC ID 05558 Configuration Preventive
    Set the vold.conf file permissions properly. CC ID 05559 Configuration Preventive
    Configure the "Docker socket" file ownership to organizational standards. CC ID 14493 Configuration Preventive
    Configure the "daemon.json" file permissions to organizational standards. CC ID 14492 Configuration Preventive
    Set the ASET userlist file permissions properly. CC ID 05560 Configuration Preventive
    Set the /etc/rmmount.conf file file permissions properly. CC ID 05561 Configuration Preventive
    Configure the "Docker server certificate" file ownership to organizational standards. CC ID 14471 Configuration Preventive
    Configure the "Docker server certificate key" file permissions to organizational standards. CC ID 14485 Configuration Preventive
    Set the /etc/security/audit_control file file permissions properly. CC ID 05563 Configuration Preventive
    Configure the "daemon.json" file ownership to organizational standards. CC ID 14482 Configuration Preventive
    Configure the "Docker socket" file permissions to organizational standards. CC ID 14480 Configuration Preventive
    Set the /etc/security/audit_class file file permissions properly. CC ID 05564 Configuration Preventive
    Configure the "Docker server certificate key" file ownership to organizational standards. CC ID 14478 Configuration Preventive
    Configure the "admin.conf" file ownership to organizational standards. CC ID 14556 Configuration Preventive
    Set the /etc/security/audit_event file file permissions properly. CC ID 05565 Configuration Preventive
    Configure the "admin.conf" file permissions to organizational standards. CC ID 14554 Configuration Preventive
    Configure the "Certificate Authority" file ownership to organizational standards. CC ID 14630 Configuration Preventive
    Configure the "Docker server certificate" file permissions to organizational standards. CC ID 14476 Configuration Preventive
    Configure the "etcd" data directory ownership to organizational standards. CC ID 14620 Configuration Preventive
    Configure the "etcd" data directory permissions to organizational standards. CC ID 14618 Configuration Preventive
    Configure the "etcd.yaml" file ownership to organizational standards. CC ID 14615 Configuration Preventive
    Configure the "etcd.yaml" file permissions to organizational standards. CC ID 14609 Configuration Preventive
    Configure the file permissions for at.allow, as appropriate. CC ID 05995 Configuration Preventive
    Configure the file permissions for at.deny, as appropriate. CC ID 05996 Configuration Preventive
    Configure the file permissions for cron.allow, as appropriate. CC ID 05999 Configuration Preventive
    Configure the file permissions for cron.deny, as appropriate. CC ID 06000 Configuration Preventive
    Configure the "Certificate Authority" file permissions to organizational standards. CC ID 14623 Configuration Preventive
    Configure the file permissions for /usr/bin/at file, as appropriate. CC ID 06001 Configuration Preventive
    Configure the "kubelet --config" file ownership to organizational standards. CC ID 14632 Configuration Preventive
    Configure the file permissions for the /etc/cron.daily file, as appropriate. CC ID 06008 Configuration Preventive
    Configure the "kubelet.conf" file ownership to organizational standards. CC ID 14628 Configuration Preventive
    Configure the "kubelet --config" file permissions to organizational standards. CC ID 14625 Configuration Preventive
    Configure the file permissions for the /etc/cron.weekly file, as appropriate. CC ID 06009 Configuration Preventive
    Configure the file permissions for the /etc/cron.hourly file, as appropriate. CC ID 06010 Configuration Preventive
    Configure the "kubelet service" file permissions to organizational standards. CC ID 14660 Configuration Preventive
    Configure the "kubelet.conf" file permissions to organizational standards. CC ID 14619 Configuration Preventive
    Configure the "controller-manager.conf" file ownership to organizational standards. CC ID 14560 Configuration Preventive
    Configure the "kubeconfig" file ownership to organizational standards. CC ID 14617 Configuration Preventive
    Configure the "kubeconfig" file permissions to organizational standards. CC ID 14616 Configuration Preventive
    Configure the file permissions for the /etc/cron.monthly file, as appropriate. CC ID 06013 Configuration Preventive
    Configure the "kubelet service" file ownership to organizational standards. CC ID 14612 Configuration Preventive
    Configure the "kube-scheduler.yaml" file ownership to organizational standards. CC ID 14611 Configuration Preventive
    Configure the file permissions for all user home directories, as appropriate. CC ID 06019 Configuration Preventive
    Configure the "kube-scheduler.yaml" file permissions to organizational standards. CC ID 14603 Configuration Preventive
    Configure the "kube-controller-manager.yaml" file ownership to organizational standards. CC ID 14600 Configuration Preventive
    Configure the "kube-controller-manager.yaml" file permissions to organizational standards. CC ID 14598 Configuration Preventive
    Configure the "kube-apiserver.yaml" file ownership to organizational standards. CC ID 14597 Configuration Preventive
    Configure the "scheduler.conf" file ownership to organizational standards. CC ID 14558 Configuration Preventive
    Configure the .netrc file permissions, as necessary. CC ID 06022 Configuration Preventive
    Configure the "all rsyslog log files" permissions to organizational standards. CC ID 08748 Establish/Maintain Documentation Preventive
    Configure the "controller-manager.conf" file permissions to organizational standards. CC ID 14553 Configuration Preventive
    Configure the "Container Network Interface" file ownership to organizational standards. CC ID 14552 Configuration Preventive
    Configure the "Container Network Interface" file permissions to organizational standards. CC ID 14550 Configuration Preventive
    Configure the "crontab" directory permissions to organizational standards. CC ID 08967 Configuration Preventive
    Configure the "scheduler.conf" file permissions to organizational standards. CC ID 14551 Configuration Preventive
    Configure the "crontab" file permissions to organizational standards. CC ID 08968 Configuration Preventive
    Configure the "kube-apiserver.yaml" file permissions to organizational standards. CC ID 14549 Configuration Preventive
    Configure the "traceroute executable" file permissions to organizational standards. CC ID 08979 Configuration Preventive
    Configure the "httpd.conf" file permissions to organizational standards. CC ID 09041 Configuration Preventive
    Configure the "/etc/httpd/conf/passwd" file permissions to organizational standards. CC ID 09042 Configuration Preventive
    Configure the "/usr/sbin/apachectl" file permissions to organizational standards. CC ID 09043 Configuration Preventive
    Configure the "/var/www/html" file permissions to organizational standards. CC ID 09044 Configuration Preventive
    Configure the "apache configuration" directory permissions to organizational standards. CC ID 09045 Configuration Preventive
    Configure the "htpasswd" file permissions to organizational standards. CC ID 09057 Configuration Preventive
    Configure all "files specified by CustomLogs" file permissions to organizational standards. CC ID 09073 Configuration Preventive
    Configure the "apache /bin" directory permissions to organizational standards. CC ID 09093 Configuration Preventive
    Configure the "apache /logs" directory permissions to organizational standards. CC ID 09096 Configuration Preventive
    Configure the "registry certificate" file permissions to organizational standards. CC ID 14483 Configuration Preventive
    Configure the "apache /htdocs" directory permissions to organizational standards. CC ID 09099 Configuration Preventive
    Configure the "registry certificate" file ownership to organizational standards. CC ID 14481 Configuration Preventive
    Configure the "apache /cgi-bin" directory permissions to organizational standards. CC ID 09102 Configuration Preventive
    Configure the "cgi-bin" directory permissions to organizational standards. CC ID 09103 Configuration Preventive
    Configure the "apache process ID" file permissions to organizational standards. CC ID 09124 Configuration Preventive
    Configure the "apache scoreboard" file permissions to organizational standards. CC ID 09127 Configuration Preventive
    Configure the "htpasswd.exe" file permissions to organizational standards. CC ID 09143 Configuration Preventive
    Configure the "setgid" permissions to organizational standards. CC ID 14513 Configuration Preventive
    Configure the "TLS CA certificate" file permissions to organizational standards. CC ID 14475 Configuration Preventive
    Configure the "TLS CA certificate" file ownership to organizational standards. CC ID 14473 Configuration Preventive
    Configure the "apache /config" directory permissions to organizational standards. CC ID 09144 Configuration Preventive
    Configure the "%SystemRoot%System32wscript.exe" file permissions to organizational standards. CC ID 09145 Configuration Preventive
    Configure the "%SystemRoot%System32cscript.exe" file permissions to organizational standards. CC ID 09146 Configuration Preventive
    Configure the "apache's process ID" file permissions to organizational standards. CC ID 09148 Configuration Preventive
    Configure the "/etc/httpd/conf.d" file permissions to organizational standards. CC ID 09149 Configuration Preventive
    Configure the "setuid" permissions to organizational standards. CC ID 14509 Configuration Preventive
    Configure the "Web Root 'Images'" directory permissions to organizational standards. CC ID 09191 Configuration Preventive
    Configure the "Web Root 'scripts'" directory permissions to organizational standards. CC ID 09192 Configuration Preventive
    Configure the "Web Root 'executables'" directory permissions to organizational standards. CC ID 09193 Configuration Preventive
    Configure the "Web Root 'docs'" directory permissions to organizational standards. CC ID 09194 Configuration Preventive
    Configure the "Web Root 'home'" directory permissions to organizational standards. CC ID 09195 Configuration Preventive
    Configure the "Web Root 'include'" directory permissions to organizational standards. CC ID 09196 Configuration Preventive
    Configure the "default Logfiles" directory permissions to organizational standards. CC ID 09197 Configuration Preventive
    Configure the "Inetpub" directory permissions to organizational standards. CC ID 09221 Configuration Preventive
    Configure the "inetsrv" directory permissions to organizational standards. CC ID 09222 Configuration Preventive
    Configure the "inetsrvasp.dll" file permissions to organizational standards. CC ID 09223 Configuration Preventive
    Configure the "Web Root" directory permissions . to organizational standards CC ID 09224 Configuration Preventive
    Configure the "files located in the folder specified by the Logger component (server.xml)" file permissions to organizational standards. CC ID 09733 Configuration Preventive
    Configure the "webapps" directory permissions to organizational standards. CC ID 09734 Configuration Preventive
    Configure the "tomcat installation" directory permissions to organizational standards. CC ID 09735 Configuration Preventive
    Configure the "tomcat /bin" directory permissions to organizational standards. CC ID 09736 Configuration Preventive
    Configure the "tomcat /common" directory permissions to organizational standards. CC ID 09737 Configuration Preventive
    Configure the "tomcat /conf" directory permissions to organizational standards. CC ID 09738 Configuration Preventive
    Configure the "tomcat /logs" directory permissions to organizational standards. CC ID 09739 Configuration Preventive
    Configure the "tomcat /server" directory permissions to organizational standards. CC ID 09740 Configuration Preventive
    Configure the "tomcat /shared" directory permissions to organizational standards. CC ID 09741 Configuration Preventive
    Configure the "tomcat /webapps" directory permissions to organizational standards. CC ID 09742 Configuration Preventive
    Configure the "tomcat /work" directory permissions to organizational standards. CC ID 09743 Configuration Preventive
    Configure the "tomcat /temp" directory permissions to organizational standards. CC ID 09744 Configuration Preventive
    Configure the "tomcat-users.xml" file permissions to organizational standards. CC ID 09778 Configuration Preventive
    Configure the "Tomcat home" directory permissions to organizational standards. CC ID 09799 Configuration Preventive
    Configure the "Tomcat home/conf/" directory permissions to organizational standards. CC ID 09802 Configuration Preventive
    Configure the "SerializedSystemIni.dat" file permissions to organizational standards. CC ID 09860 Configuration Preventive
    Configure the "Keystore" file permissions to organizational standards. CC ID 09900 Configuration Preventive
    Configure the "Weblogic Server Product Installation" directory permissions to organizational standards. CC ID 09902 Configuration Preventive
    Configure the "Domain Home" directory permissions to organizational standards. CC ID 09903 Configuration Preventive
    Configure the "Middleware Home" directory permissions to organizational standards. CC ID 09907 Configuration Preventive
    Restrict at/cron to authorized users. CC ID 01572 Configuration Preventive
    Configure the system to need authentication for single user mode. CC ID 01577 Configuration Preventive
    Configure the system to block certain system accounts. CC ID 01578 Configuration Preventive
    Verify that there are no accounts with empty password fields. CC ID 01579 Configuration Preventive
    Use standards-based encryption for encryption, hashing, and signing. CC ID 01583 Configuration Preventive
    Configure symbolic permissions for the passwd file, shadow file, and group files to organizational standards. CC ID 01584 Configuration Detective
    Configure the "dCOM: Machine access restrictions in Security Descriptor Definition Language (sddl)" setting. CC ID 01726 Configuration Preventive
    Configure the "dCOM: Machine launch restrictions in Security Descriptor Definition Language (sddl)" setting to organizational standards. CC ID 01727 Configuration Preventive
    Configure the root $PATH to not have any "." directories, group directories or world writable directories. CC ID 01587 Configuration Preventive
    Configure user home directories to be mode 750 or more restrictive. CC ID 01588 Configuration Preventive
    Configure user dot-files to not be group or world-writable. CC ID 01589 Configuration Preventive
    Remove .netrc files. CC ID 01590 Configuration Preventive
    Configure default UMASK for users. CC ID 01591 Configuration Preventive
    Configure the default UMASK for FTP users. CC ID 01592 Configuration Preventive
    Configure the "mesg n" as default for all users. CC ID 01593 Configuration Preventive
    Configure the system to restrict access to the root user from the su command. CC ID 01595 Configuration Preventive
    Establish, implement, and maintain an account lockout policy. CC ID 01709 Establish/Maintain Documentation Preventive
    Configure Restricted groups. CC ID 01928 Configuration Preventive
    Configure the run control scripts permissions. CC ID 02160 Configuration Preventive
    Configure root to be the Traceroute command owner. CC ID 02165 Configuration Preventive
    Coordinate the User ID access restrictions with the site-unique configuration file, the UOSS control file, and the Tape File Configuration Transfer file. CC ID 02192 Configuration Preventive
    Refrain from displaying user information when the system is locked. CC ID 04302 Configuration Preventive
    Configure systems to prevent dial-up passwords from being saved. CC ID 04303 Configuration Preventive
    Configure the "Always prompt client for password upon connection" setting. CC ID 04317 Configuration Preventive
    Configure the "Do not allow passwords to be saved" setting. CC ID 04320 Configuration Preventive
    Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting. CC ID 04388 Configuration Preventive
    Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting. CC ID 04389 Configuration Preventive
    Configure the "User Account Control: Behavior of the elevation prompt for standard users" setting. CC ID 04390 Configuration Preventive
    Configure the "User Account Control: Detect application installations and prompt for elevation" setting. CC ID 04391 Configuration Preventive
    Configure the "User Account Control: Only elevate executables that are signed and validated" setting. CC ID 04392 Configuration Preventive
    Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting. CC ID 04393 Configuration Preventive
    Configure the "User Account Control: Run all administrators in Admin Approval Mode" setting. CC ID 04394 Configuration Preventive
    Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" setting. CC ID 04395 Configuration Preventive
    Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" setting. CC ID 04396 Configuration Preventive
    Configure the "Enumerate administrator accounts on elevation" setting. CC ID 04403 Configuration Preventive
    Configure the "Required trusted path for credential entry" setting. CC ID 04404 Configuration Preventive
    Require proper authentication prior to accessing NetWare's eGuide. CC ID 04450 Configuration Preventive
    Disable the SAdmin account and SDebug account in NetWare. CC ID 04458 Configuration Preventive
    Configure the system to prevent helper applications from changing client rights. CC ID 04464 Configuration Preventive
    Delete authenticator hint field contents or authenticator hint field files. CC ID 04477 Configuration Preventive
    Configure the "Limit number of simultaneous connections" setting to organizational standards. CC ID 04511 Configuration Preventive
    Configure the "Do not allow local administrators to customize permissions" setting to organizational standards. CC ID 04512 Configuration Preventive
    Configure the default Distributed Component Object Model authorization level to 'connect' or higher. CC ID 04528 Configuration Preventive
    Configure the "Network access: Shares that can be accessed anonymously" setting. CC ID 04533 Configuration Preventive
    Configure domain-connected workstations to not have any local user accounts. CC ID 04535 Configuration Preventive
    Configure printers to only accept print jobs from known print spoolers. CC ID 04812 Configuration Preventive
    Configure print spoolers to accept jobs from authorized users only. CC ID 04813 Configuration Preventive
    Prevent Multi-Function Devices from connecting to networks routing restricted data, unless authorized. CC ID 04815 Configuration Preventive
    Restrict access to remote file shares. CC ID 04817 Configuration Preventive
    Configure Multi-Function Devices to prevent non-printer administrators from altering the global configuration file. CC ID 04818 Configuration Preventive
    Configure the user's .forward file to mode 600. CC ID 04848 Configuration Preventive
    Configure the GID of accounts other than root and locked system accounts properly. CC ID 05448 Configuration Preventive
    Set the smbpasswd executable permissions properly. CC ID 05459 Configuration Preventive
    Grant or reject sudo privileges to the wheel group, as appropriate. CC ID 05539 Configuration Preventive
    Set the /var/log/pamlog log permissions properly. CC ID 05562 Configuration Preventive
    Restrict the audit log permissions. CC ID 05566 Configuration Preventive
    Use the pkgchk utility to force default settings and to verify the ownership, group ownership, and access permissions for installed packages. CC ID 05567 Configuration Preventive
    Configure role-based access control (RBAC) caching elements to organizational standards. CC ID 05568 Configuration Preventive
    Verify all device files are located in an appropriate directory. CC ID 05571 Records Management Preventive
    Configure the read-only option for all NFS exports. CC ID 05572 Configuration Preventive
    Configure access controls through /etc/login.access and access.conf for non-superusers. CC ID 05573 Configuration Preventive
    Enable or disable root login via Secure Shell, as appropriate. CC ID 05574 Configuration Preventive
    Verify the ftpusers file restricts access to certain accounts. CC ID 05575 Configuration Preventive
    Enable or disable SSH host-based authentication, as appropriate. CC ID 05576 Configuration Preventive
    Configure the environmental variable path properly. CC ID 05577 Configuration Preventive
    Configure local initialization files and global initialization files to allow or deny write access to the terminal, as appropriate. CC ID 05578 Configuration Preventive
    Verify user .shosts files exist or not, as appropriate. CC ID 05579 Configuration Preventive
    Set the default umask for the bash shell properly for all users. CC ID 05580 Configuration Preventive
    Set the default umask for the csh shell properly for all users. CC ID 05581 Configuration Preventive
    Configure the system umask properly. CC ID 05582 Configuration Preventive
    Verify console device ownership is restricted to root-only, as appropriate. CC ID 05583 Configuration Preventive
    Configure the "Access credential Manager as a trusted caller" User Right properly. CC ID 05584 Configuration Preventive
    Restrict the right of modifying an Object label. CC ID 05585 Configuration Preventive
    Configure the "User Account Control: Allow UIAccess applications to prompt for elevation" setting. CC ID 05586 Configuration Preventive
    Configure the "Do Not Allow New Client Connections" policy for Terminal Services properly. CC ID 05587 Configuration Preventive
    Configure the "Remote Control Settings" policy for Terminal Services properly. CC ID 05588 Configuration Preventive
    Configure the Cron directory permissions to organizational standards. CC ID 05997 Configuration Preventive
    Configure the cron.allow file with the user group permitted to use the cron facility, as appropriate. CC ID 06002 Configuration Preventive
    Configure the cron.deny file with the user set permitted to use the cron facility, as appropriate. CC ID 06003 Configuration Preventive
    Configure the Cron directories to be owned by an appropriate user and group. CC ID 06004 Configuration Preventive
    Configure the at.deny file with the user set permitted to use the at facility, as appropriate. CC ID 06006 Configuration Preventive
    Configure the /etc/cron.monthly file to be owned by an appropriate user or group. CC ID 06007 Configuration Preventive
    Configure /etc/cron.hourly to be owned by an appropriate user or group. CC ID 06011 Configuration Preventive
    Configure /etc/cron.daily to be owned by an appropriate user or group. CC ID 06012 Configuration Preventive
    Configure the home directory for the root user, as appropriate. CC ID 06017 Configuration Preventive
    Configure the home directory for each user account, as appropriate. CC ID 06018 Configuration Preventive
    Configure the home directory permissions for the Superuser account, as appropriate. CC ID 06020 Configuration Preventive
    Configure each user home directory to be owned by an appropriate user or group. CC ID 06021 Configuration Preventive
    Configure the world-write permissions for all files, as appropriate. CC ID 06026 Configuration Preventive
    Configure and assign the correct service permissions for the SNMP Service. CC ID 06041 Configuration Preventive
    Configure the service permissions for NetMeeting, as appropriate. CC ID 06045 Configuration Preventive
    Configure the "Allow log on through Remote Desktop Services" User Right properly. CC ID 06062 Configuration Preventive
    Configure the "Deny log on through Remote Desktop Services" User Right properly. CC ID 06063 Configuration Preventive
    Remove all members found in the Windows OS Power Users Group. CC ID 06573 Configuration Preventive
    Configure the "sudo" to organizational standards. CC ID 15325 Configuration Preventive
    Require users to use the 'sudo' command when accessing the root account. CC ID 06736 Configuration Preventive
    Configure the "log all su (switch user) activity" setting to organizational standards. CC ID 08965 Configuration Preventive
    Configure the "status" of the "apache" account to organizational standards. CC ID 09018 Configuration Preventive
    Configure the "apache" account group membership to organizational standards. CC ID 09033 Configuration Preventive
    Configure the "CustomLog" files permissions to organizational standards. CC ID 09051 Configuration Preventive
    Configure the "ErrorLog" files permissions to organizational standards. CC ID 09052 Configuration Preventive
    Configure the "default webpage" for "all readable apache web document directories" to organizational standards. CC ID 09071 Configuration Preventive
    Configure the "ScriptAlias" directories permissions to organizational standards. CC ID 09078 Configuration Preventive
    Configure the "ScriptAliasMatch" directories permissions to organizational standards. CC ID 09081 Configuration Preventive
    Configure the "DocumentRoot" directories permissions to organizational standards. CC ID 09084 Configuration Preventive
    Configure the "Alias" directories permissions to organizational standards. CC ID 09087 Configuration Preventive
    Configure the "ServerRoot" directories permissions to organizational standards. CC ID 09090 Configuration Preventive
    Configure the "Enable Logging" setting for the "master home directory" to organizational standards. CC ID 09156 Configuration Preventive
    Configure the "Read" permission for the "master home directory" to organizational standards. CC ID 09157 Configuration Preventive
    Configure the "Write" permission for the "master home directory" to organizational standards. CC ID 09158 Configuration Preventive
    Configure the "Script Source Access" permission for the "master home directory" to organizational standards. CC ID 09159 Configuration Preventive
    Configure the "Directory Browsing" permission for the "master home directory" to organizational standards. CC ID 09160 Configuration Preventive
    Configure the "Log Visits" permission for the "master home directory" to organizational standards. CC ID 09161 Configuration Preventive
    Configure the "Index this resource" permission for the "master home directory" to organizational standards. CC ID 09162 Configuration Preventive
    Configure the "Execute Permissions" permission for the "master home directory" to organizational standards. CC ID 09163 Configuration Preventive
    Configure the "Anonymous Access" permission for the "master home directory" to organizational standards. CC ID 09164 Configuration Preventive
    Configure the "Basic Authentication" setting for the "master home directory" to organizational standards. CC ID 09165 Configuration Preventive
    Configure the "Integrated Windows Authentication" setting for the "master home directory" to organizational standards. CC ID 09166 Configuration Preventive
    Configure the "Read" permission" for the "website home directory" to organizational standards. CC ID 09168 Configuration Preventive
    Configure the "Write" privilege for the "website home directory" to organizational standards. CC ID 09169 Configuration Preventive
    Configure the "Script Source Access" permission for the "website home directory" to organizational standards. CC ID 09170 Configuration Preventive
    Configure the "Directory Browsing" permission for the "website home directory" to organizational standards. CC ID 09171 Configuration Preventive
    Configure the "Log Visits" permission for the "website home directory" to organizational standards. CC ID 09172 Configuration Preventive
    Configure the "Index this resource" permission for the "website home directory" to organizational standards. CC ID 09173 Configuration Preventive
    Configure the "Execute Permissions" permission to organizational standards. CC ID 09174 Configuration Preventive
    Configure the "Anonymous Access" permission for the "website home directory" to organizational standards. CC ID 09175 Configuration Preventive
    Configure the "file auditing" setting for the "\%SystemRoot%System32Inetsrv" directory to organizational standards. CC ID 09198 Configuration Preventive
    Configure the "membership" of the "IUSR" account to organizational standards. CC ID 09213 Configuration Preventive
    Configure the "IUSR" account to organizational standards. CC ID 09214 Configuration Preventive
    Configure the "file auditing" setting for the "Inetpub" directory to organizational standards. CC ID 09225 Configuration Preventive
    Configure the "file auditing" setting for the "Web Root" directory to organizational standards. CC ID 09226 Configuration Preventive
    Configure the "file auditing" setting for the "Metaback" directory to organizational standards. CC ID 09227 Configuration Preventive
    Configure the "IWAM" account to organizational standards. CC ID 09228 Configuration Preventive
    Configure the "Application object owner" accounts to organizational standards. CC ID 09257 Configuration Preventive
    Configure the "system tables" permissions to organizational standards. CC ID 09260 Configuration Preventive
    Configure the "DDL" permissions to organizational standards. CC ID 09261 Configuration Preventive
    Configure the "WITH GRANT OPTION" permissions to organizational standards. CC ID 09262 Configuration Preventive
    Configure the "Object" permissions for the "PUBLIC or GUEST" account to organizational standards. CC ID 09263 Configuration Preventive
    Configure the "restore database data or other DBMS configurations, features or objects" permissions to organizational standards. CC ID 09267 Configuration Preventive
    Configure the "SQL Server Database Service" account to organizational standards. CC ID 09273 Configuration Preventive
    Configure the "SQL Server Agent" account to organizational standards. CC ID 09274 Configuration Preventive
    Configure the "SQL Server registry keys and sub-keys" permissions to organizational standards. CC ID 09276 Configuration Preventive
    Configure the "built-in sa" account to organizational standards. CC ID 09298 Configuration Preventive
    Configure the "audit access" setting for the "ErrorDumpDir" directory to organizational standards. CC ID 09299 Configuration Preventive
    Configure the "audit access" setting for the "DefaultLog " file to organizational standards. CC ID 09300 Configuration Preventive
    Configure the "audit access" setting for the "ErrorLog" File to organizational standards. CC ID 09301 Configuration Preventive
    Configure the "audit access" setting for the "SQLPath " directory to organizational standards. CC ID 09302 Configuration Preventive
    Configure the "audit access" setting for the " BackupDirectory " directory to organizational standards. CC ID 09303 Configuration Preventive
    Configure the "audit access" setting for the "FullTextDefaultPath " directory to organizational standards. CC ID 09304 Configuration Preventive
    Configure the "audit access" setting for the "WorkingDirectory " directory to organizational standards. CC ID 09305 Configuration Preventive
    Configure the "audit access" setting for the "SQLBinRoot " directory to organizational standards. CC ID 09306 Configuration Preventive
    Configure the "audit access" setting for the "SQLDataRoot " directory to organizational standards. CC ID 09307 Configuration Preventive
    Configure the "audit access" setting for the "SQLProgramDir " directory to organizational standards. CC ID 09308 Configuration Preventive
    Configure the "audit access" setting for the "DataDir " directory to organizational standards. CC ID 09309 Configuration Preventive
    Configure the "Analysis Services" account to organizational standards. CC ID 09318 Configuration Preventive
    Configure the "Integration Services" account to organizational standards. CC ID 09319 Configuration Preventive
    Configure the "Reporting Services" account to organizational standards. CC ID 09320 Configuration Preventive
    Configure the "Notification Services" account to organizational standards. CC ID 09321 Configuration Preventive
    Configure the "Full Text Search" account to organizational standards. CC ID 09322 Configuration Preventive
    Configure the "SQL Server Browser" account to organizational standards. CC ID 09323 Configuration Preventive
    Configure the "SQL Server Active Directory Helper" account to organizational standards. CC ID 09324 Configuration Preventive
    Configure the "SQL Writer" account to organizational standards. CC ID 09325 Configuration Preventive
    Configure the "SQL Server MSSearch" registry key permissions to organizational standards. CC ID 09327 Configuration Preventive
    Configure the "SQL Server Agent" registry key permissions to organizational standards. CC ID 09328 Configuration Preventive
    Configure the "SQL Server RS" registry key permissions to organizational standards. CC ID 09330 Configuration Preventive
    Configure the "Reporting Services Windows Integrated Security" accounts to organizational standards. CC ID 09347 Configuration Preventive
    Configure the "permissions" of the "SQL Server Agent proxy" accounts to organizational standards. CC ID 09352 Configuration Preventive
    Configure the "default webpage" for "all readable Tomcat Apache web document" directories to organizational standards. CC ID 09729 Configuration Preventive
    Configure the "account" setting for "Tomcat" to organizational standards. CC ID 09792 Configuration Preventive
    Configure the "specified codebase" permissions to organizational standards. CC ID 09796 Configuration Preventive
    Configure the "property read permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09813 Configuration Preventive
    Configure the "property write permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09814 Configuration Preventive
    Configure the "status of the "Tomcat" account to organizational standards. CC ID 09815 Configuration Preventive
    Configure the "user account" for "Oracle WebLogic Server" to organizational standards. CC ID 09823 Configuration Preventive
    Configure the "Keystores" permission in "directories" to organizational standards. CC ID 09901 Configuration Preventive
    Implement a reference monitor to implement the Access Control policies. CC ID 10096 Configuration Preventive
    Configure the "Add Printer wizard - Network scan page (Managed network)" setting to organizational standards. CC ID 10692 Configuration Preventive
    Configure the "Add Printer wizard - Network scan page (Unmanaged network)" setting to organizational standards. CC ID 10693 Configuration Preventive
    Configure the "All Removable Storage classes: Deny all access" setting to organizational standards. CC ID 10696 Configuration Preventive
    Configure the "All Removable Storage: Allow direct access in remote sessions" setting to organizational standards. CC ID 10697 Configuration Preventive
    Configure the "Allowrdp files from unknown publishers" setting to organizational standards. CC ID 10698 Configuration Preventive
    Configure the "Allowrdp files from valid publishers and user's defaultrdp settings" setting to organizational standards. CC ID 10699 Configuration Preventive
    Configure the "Allow admin to install from Remote Desktop Services session" setting to organizational standards. CC ID 10700 Configuration Preventive
    Configure the "Allow administrators to override Device Installation Restriction policies" setting to organizational standards. CC ID 10701 Configuration Preventive
    Configure the "Allow Applications to Prevent Automatic Sleep (On Battery)" setting to organizational standards. CC ID 10702 Configuration Preventive
    Configure the "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" setting to organizational standards. CC ID 10704 Configuration Preventive
    Configure the "Allow audio and video playback redirection" setting to organizational standards. CC ID 10705 Configuration Preventive
    Configure the "Allow audio recording redirection" setting to organizational standards. CC ID 10706 Configuration Preventive
    Configure the "Allow automatic configuration of listeners" setting to organizational standards. CC ID 10707 Configuration Preventive
    Configure the "Allow Automatic Sleep with Open Network Files (On Battery)" setting to organizational standards. CC ID 10708 Configuration Preventive
    Configure the "Allow Automatic Updates immediate installation" setting to organizational standards. CC ID 10710 Configuration Preventive
    Configure the "Allow BITS Peercaching" setting to organizational standards. CC ID 10711 Configuration Preventive
    Configure the "Allow certificates with no extended key usage certificate attribute" setting to organizational standards. CC ID 10712 Configuration Preventive
    Configure the "Allow Corporate redirection of Customer Experience Improvement uploads" setting to organizational standards. CC ID 10713 Configuration Preventive
    Configure the "Allow CredSSP authentication" setting for the "WinRM client" to organizational standards. CC ID 10714 Configuration Preventive
    Configure the "Allow Cross-Forest User Policy and Roaming User Profiles" setting to organizational standards. CC ID 10716 Configuration Preventive
    Configure the "Allow cryptography algorithms compatible with Windows NT 4.0" setting to organizational standards. CC ID 10717 Configuration Preventive
    Configure the "Allow Delegating Default Credentials" setting to organizational standards. CC ID 10718 Configuration Preventive
    Configure the "Allow Delegating Default Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10719 Configuration Preventive
    Configure the "Allow Delegating Fresh Credentials" setting to organizational standards. CC ID 10720 Configuration Preventive
    Configure the "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10721 Configuration Preventive
    Configure the "Allow Delegating Saved Credentials" setting to organizational standards. CC ID 10722 Configuration Preventive
    Configure the "Allow Delegating Saved Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10723 Configuration Preventive
    Configure the "Allow desktop composition for remote desktop sessions" setting to organizational standards. CC ID 10724 Configuration Preventive
    Configure the "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" setting to organizational standards. CC ID 10725 Configuration Preventive
    Configure the "Allow domain users to log on using biometrics" setting to organizational standards. CC ID 10726 Configuration Preventive
    Configure the "Allow ECC certificates to be used for logon and authentication" setting to organizational standards. CC ID 10727 Configuration Preventive
    Configure the "Allow Enhanced Storage certificate provisioning" setting to organizational standards. CC ID 10728 Configuration Preventive
    Configure the "Allow installation of devices that match any of these device IDs" setting to organizational standards. CC ID 10729 Configuration Preventive
    Configure the "Allow installation of devices using drivers that match these device setup classes" setting to organizational standards. CC ID 10730 Configuration Preventive
    Configure the "Allow Integrated Unblock screen to be displayed at the time of logon" setting to organizational standards. CC ID 10731 Configuration Preventive
    Configure the "Allow local activation security check exemptions" setting to organizational standards. CC ID 10732 Configuration Preventive
    Configure the "Allow logon scripts when NetBIOS or WINS is disabled" setting to organizational standards. CC ID 10733 Configuration Preventive
    Configure the "Allow non-administrators to install drivers for these device setup classes" setting to organizational standards. CC ID 10734 Configuration Preventive
    Configure the "Allow non-administrators to receive update notifications" setting to organizational standards. CC ID 10735 Configuration Preventive
    Configure the "Allow only system backup" setting to organizational standards. CC ID 10736 Configuration Preventive
    Configure the "Allow only USB root hub connected Enhanced Storage devices" setting to organizational standards. CC ID 10737 Configuration Preventive
    Configure the "Allow or Disallow use of the Offline Files feature" setting to organizational standards. CC ID 10738 Configuration Preventive
    Configure the "Allow Print Spooler to accept client connections" setting to organizational standards. CC ID 10739 Configuration Preventive
    Configure the "Allow printers to be published" setting to organizational standards. CC ID 10740 Configuration Preventive
    Configure the "Allow pruning of published printers" setting to organizational standards. CC ID 10741 Configuration Preventive
    Configure the "Allow remote start of unlisted programs" setting to organizational standards. CC ID 10743 Configuration Preventive
    Configure the "Allow restore of system to default state" setting to organizational standards. CC ID 10744 Configuration Preventive
    Configure the "Allow signature keys valid for Logon" setting to organizational standards. CC ID 10745 Configuration Preventive
    Configure the "Allow signed updates from an intranet Microsoft update service location" setting to organizational standards. CC ID 10746 Configuration Preventive
    Configure the "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" setting to organizational standards. CC ID 10747 Configuration Preventive
    Configure the "Allow time invalid certificates" setting to organizational standards. CC ID 10748 Configuration Preventive
    Configure the "Allow time zone redirection" setting to organizational standards. CC ID 10749 Configuration Preventive
    Configure the "Allow user name hint" setting to organizational standards. CC ID 10750 Configuration Preventive
    Configure the "Allow users to log on using biometrics" setting to organizational standards. CC ID 10751 Configuration Preventive
    Configure the "Always render print jobs on the server" setting to organizational standards. CC ID 10752 Configuration Preventive
    Configure the "Always use classic logon" setting to organizational standards. CC ID 10754 Configuration Preventive
    Configure the "Always use custom logon background" setting to organizational standards. CC ID 10755 Configuration Preventive
    Configure the "Apply the default user logon picture to all users" setting to organizational standards. CC ID 10757 Configuration Preventive
    Configure the "Assign a default domain for logon" setting to organizational standards. CC ID 10758 Configuration Preventive
    Configure the "CD and DVD: Deny execute access" setting to organizational standards. CC ID 10767 Configuration Preventive
    Configure the "CD and DVD: Deny read access" setting to organizational standards. CC ID 10768 Configuration Preventive
    Configure the "CD and DVD: Deny write access" setting to organizational standards. CC ID 10769 Configuration Preventive
    Configure the "Printers preference logging and tracing" setting to organizational standards. CC ID 10799 Configuration Preventive
    Configure the "Contact PDC on logon failure" setting to organizational standards. CC ID 10825 Configuration Preventive
    Configure the "Custom Classes: Deny read access" setting to organizational standards. CC ID 10835 Configuration Preventive
    Configure the "Custom Classes: Deny write access" setting to organizational standards. CC ID 10836 Configuration Preventive
    Configure the "Deny Delegating Default Credentials" setting to organizational standards. CC ID 10848 Configuration Preventive
    Configure the "Deny Delegating Fresh Credentials" setting to organizational standards. CC ID 10849 Configuration Preventive
    Configure the "Deny Delegating Saved Credentials" setting to organizational standards. CC ID 10850 Configuration Preventive
    Configure the "Disallow changing of geographic location" setting to organizational standards. CC ID 10870 Configuration Preventive
    Configure the "Disallow Interactive Users from generating Resultant Set of Policy data" setting to organizational standards. CC ID 10871 Configuration Preventive
    Configure the "Disallow Kerberos authentication" setting for the "WinRM client" to organizational standards. CC ID 10872 Configuration Preventive
    Configure the "Disallow locally attached storage as backup target" setting to organizational standards. CC ID 10874 Configuration Preventive
    Configure the "Disallow Negotiate authentication" setting for the "WinRM client" to organizational standards. CC ID 10875 Configuration Preventive
    Configure the "Disallow network as backup target" setting to organizational standards. CC ID 10877 Configuration Preventive
    Configure the "Disallow optical media as backup target" setting to organizational standards. CC ID 10878 Configuration Preventive
    Configure the "Disallow run-once backups" setting to organizational standards. CC ID 10879 Configuration Preventive
    Configure the "Disallow selection of Custom Locales" setting to organizational standards. CC ID 10880 Configuration Preventive
    Configure the "Disallow user override of locale settings" setting to organizational standards. CC ID 10881 Configuration Preventive
    Configure the "Display information about previous logons during user logon" setting to organizational standards. CC ID 10887 Configuration Preventive
    Configure the "Do not allow adding new targets via manual configuration" setting to organizational standards. CC ID 10891 Configuration Preventive
    Configure the "Do not allow additional session logins" setting to organizational standards. CC ID 10892 Configuration Preventive
    Configure the "Do not allow changes to initiator CHAP secret" setting to organizational standards. CC ID 10893 Configuration Preventive
    Configure the "Do not allow changes to initiator iqn name" setting to organizational standards. CC ID 10894 Configuration Preventive
    Configure the "Do not allow client printer redirection" setting to organizational standards. CC ID 10895 Configuration Preventive
    Configure the "Do not allow clipboard redirection" setting to organizational standards. CC ID 10896 Configuration Preventive
    Configure the "Do not allow color changes" setting to organizational standards. CC ID 10897 Configuration Preventive
    Configure the "Do not allow COM port redirection" setting to organizational standards. CC ID 10898 Configuration Preventive
    Configure the "Do not allow compression on all NTFS volumes" setting to organizational standards. CC ID 10899 Configuration Preventive
    Configure the "Do not allow connections without IPSec" setting to organizational standards. CC ID 10900 Configuration Preventive
    Configure the "Do not allow desktop composition" setting to organizational standards. CC ID 10901 Configuration Preventive
    Configure the "Do not allow encryption on all NTFS volumes" setting to organizational standards. CC ID 10902 Configuration Preventive
    Configure the "Do not allow Flip3D invocation" setting to organizational standards. CC ID 10903 Configuration Preventive
    Configure the "Do not allow font smoothing" setting to organizational standards. CC ID 10904 Configuration Preventive
    Configure the "Do not allow LPT port redirection" setting to organizational standards. CC ID 10905 Configuration Preventive
    Configure the "Do not allow manual configuration of discovered targets" setting to organizational standards. CC ID 10906 Configuration Preventive
    Configure the "Do not allow manual configuration of iSNS servers" setting to organizational standards. CC ID 10907 Configuration Preventive
    Configure the "Do not allow manual configuration of target portals" setting to organizational standards. CC ID 10908 Configuration Preventive
    Configure the "Do not allow non-Enhanced Storage removable devices" setting to organizational standards. CC ID 10909 Configuration Preventive
    Configure the "Do not allow password authentication of Enhanced Storage devices" setting to organizational standards. CC ID 10910 Configuration Preventive
    Configure the "Do not allow sessions without mutual CHAP" setting to organizational standards. CC ID 10912 Configuration Preventive
    Configure the "Do not allow sessions without one way CHAP" setting to organizational standards. CC ID 10913 Configuration Preventive
    Configure the "Do not allow smart card device redirection" setting to organizational standards. CC ID 10914 Configuration Preventive
    Configure the "Do not allow Snipping Tool to run" setting to organizational standards. CC ID 10915 Configuration Preventive
    Configure the "Do not allow Sound Recorder to run" setting to organizational standards. CC ID 10916 Configuration Preventive
    Configure the "Do not allow the BITS client to use Windows Branch Cache" setting to organizational standards. CC ID 10918 Configuration Preventive
    Configure the "Do not allow the computer to act as a BITS Peercaching client" setting to organizational standards. CC ID 10919 Configuration Preventive
    Configure the "Do not allow the computer to act as a BITS Peercaching server" setting to organizational standards. CC ID 10920 Configuration Preventive
    Configure the "Do not allow window animations" setting to organizational standards. CC ID 10921 Configuration Preventive
    Configure the "Do not allow Windows Media Center to run" setting to organizational standards. CC ID 10923 Configuration Preventive
    Configure the "Do not display Initial Configuration Tasks window automatically at logon" setting to organizational standards. CC ID 10927 Configuration Preventive
    Configure the "Do not display Manage Your Server page at logon" setting to organizational standards. CC ID 10928 Configuration Preventive
    Configure the "Do not display Server Manager automatically at logon" setting to organizational standards. CC ID 10929 Configuration Preventive
    Configure the "Do not set default client printer to be default printer in a session" setting to organizational standards. CC ID 10935 Configuration Preventive
    Configure the "Execute print drivers in isolated processes" setting to organizational standards. CC ID 10964 Configuration Preventive
    Configure the "Expected dial-up delay on logon" setting to organizational standards. CC ID 10965 Configuration Preventive
    Configure the "Extend Point and Print connection to search Windows Update" setting to organizational standards. CC ID 10966 Configuration Preventive
    Configure the "Filter duplicate logon certificates" setting to organizational standards. CC ID 10967 Configuration Preventive
    Configure the "Floppy Drives: Deny execute access" setting to organizational standards. CC ID 10969 Configuration Preventive
    Configure the "Floppy Drives: Deny read access" setting to organizational standards. CC ID 10970 Configuration Preventive
    Configure the "Floppy Drives: Deny write access" setting to organizational standards. CC ID 10971 Configuration Preventive
    Configure the "Limit the maximum number of files allowed in a BITS job" setting to organizational standards. CC ID 11020 Configuration Preventive
    Configure the "Netlogon share compatibility" setting to organizational standards. CC ID 11048 Configuration Preventive
    Configure the "Only allow local user profiles" setting to organizational standards. CC ID 11056 Configuration Preventive
    Configure the "Only use Package Point and print" setting to organizational standards. CC ID 11057 Configuration Preventive
    Configure the "Override print driver execution compatibility setting reported by print driver" setting to organizational standards. CC ID 11059 Configuration Preventive
    Configure the "Package Point and print - Approved servers" setting to organizational standards. CC ID 11061 Configuration Preventive
    Configure the "Pre-populate printer search location text" setting to organizational standards. CC ID 11065 Configuration Preventive
    Configure the "Printer browsing" setting to organizational standards. CC ID 11097 Configuration Preventive
    Configure the "Provide information about previous logons to client computers" setting to organizational standards. CC ID 11111 Configuration Preventive
    Configure the "Prune printers that are not automatically republished" setting to organizational standards. CC ID 11112 Configuration Preventive
    Configure the "Redirect only the default client printer" setting to organizational standards. CC ID 11116 Configuration Preventive
    Configure the "Removable Disks: Deny execute access" setting to organizational standards. CC ID 11123 Configuration Preventive
    Configure the "Removable Disks: Deny read access" setting to organizational standards. CC ID 11124 Configuration Preventive
    Configure the "Removable Disks: Deny write access" setting to organizational standards. CC ID 11125 Configuration Preventive
    Configure the "Run logon scripts synchronously" setting to organizational standards. CC ID 11151 Configuration Preventive
    Configure the "Run these programs at user logon" setting to organizational standards. CC ID 11155 Configuration Preventive
    Configure the "Selectively allow the evaluation of a symbolic link" setting to organizational standards. CC ID 11169 Configuration Preventive
    Configure the "Specify SHA1 thumbprints of certificates representing trustedrdp publishers" setting to organizational standards. CC ID 11215 Configuration Preventive
    Configure the "Tape Drives: Deny execute access" setting to organizational standards. CC ID 11233 Configuration Preventive
    Configure the "Tape Drives: Deny read access" setting to organizational standards. CC ID 11234 Configuration Preventive
    Configure the "Tape Drives: Deny write access" setting to organizational standards. CC ID 11235 Configuration Preventive
    Configure the "Timeout for hung logon sessions during shutdown" setting to organizational standards. CC ID 11245 Configuration Preventive
    Configure the "Troubleshooting: Allow users to access and run Troubleshooting Wizards" setting to organizational standards. CC ID 11247 Configuration Preventive
    Configure the "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" setting to organizational standards. CC ID 11248 Configuration Preventive
    Configure the "Turn off the "Order Prints" picture task" setting to organizational standards. CC ID 11314 Configuration Preventive
    Configure the "Use Remote Desktop Easy Print printer driver first" setting to organizational standards. CC ID 11365 Configuration Preventive
    Establish and maintain specific directory installation rules and domain controller installation rules. CC ID 01734 Establish/Maintain Documentation Preventive
    Configure the "Domain controller: Allow server operators to schedule tasks" setting. CC ID 01735 Configuration Preventive
    Configure the "domain member: require strong (Windows 2000 or later) session key" setting. CC ID 01738 Configuration Preventive
    Configure the "Enforce user logon restrictions" setting. CC ID 04500 Configuration Preventive
    Configure the "Maximum lifetime for service ticket" setting. CC ID 04501 Configuration Preventive
    Configure the "Maximum lifetime for user ticket" setting. CC ID 04502 Configuration Preventive
    Configure the "Maximum lifetime for user ticket renewal" setting. CC ID 04503 Configuration Preventive
    Configure the "Maximum tolerance for computer clock synchronization" setting. CC ID 04504 Configuration Preventive
    Verify the Trusted Computing Base is installed, as appropriate. CC ID 05589 Configuration Preventive
    Establish, implement, and maintain appropriate shutdown procedures. CC ID 01778 Establish/Maintain Documentation Preventive
    Configure the "Shutdown: Allow system to be shut down without having to log on" setting. CC ID 01779 Configuration Preventive
    Configure the "Shutdown: Clear virtual memory pagefile" setting. CC ID 01780 Configuration Preventive
    Configure Multi-Function Devices to clear their hard drives in between jobs. CC ID 04816 Configuration Preventive
    Configure shared volumes to use the appropriate file system for the network protocols being operated (NT File System in Windows OS or Netware SS), and configure the security parameters. CC ID 01927 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\at.exe. CC ID 01929 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\attrib.exe. CC ID 01930 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\cacls.exe. CC ID 01931 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\debug.exe. CC ID 01932 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\drwatson.exe. CC ID 01933 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\drwtsn32.exe. CC ID 01934 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\edlin.exe. CC ID 01935 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\eventcreate.exe. CC ID 01936 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\eventtriggers.exe. CC ID 01937 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\ftp.exe. CC ID 01938 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\net.exe. CC ID 01939 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\net1.exe. CC ID 01940 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\netsh.exe. CC ID 01941 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\rcp.exe. CC ID 01942 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\reg.exe. CC ID 01943 Configuration Preventive
    Configure the file permissions for %SystemRoot%\regedit.exe. CC ID 01944 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\regedt32.exe. CC ID 01945 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\regsvr32.exe. CC ID 01946 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\rexec.exe. CC ID 01947 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\rsh.exe. CC ID 01948 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\runas.exe. CC ID 01949 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\sc.exe. CC ID 01950 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\subst.exe. CC ID 01951 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\telnet.exe. CC ID 01952 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\tftp.exe. CC ID 01953 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\tlntsvr.exe. CC ID 01954 Configuration Preventive
    Configure the file permissions for %SystemDrive%\. CC ID 01968 Configuration Preventive
    Configure the file permissions for %SystemDrive%\autoexec.bat. CC ID 01969 Configuration Preventive
    Configure the file permissions for %SystemDrive%\boot.ini. CC ID 01970 Configuration Preventive
    Configure the file permissions for %SystemDrive%\config.sys. CC ID 01971 Configuration Preventive
    Configure the file permissions for %SystemDrive%\io.sys. CC ID 01972 Configuration Preventive
    Configure the file permissions for %SystemDrive%\msdos.sys. CC ID 01973 Configuration Preventive
    Configure the file permissions for %SystemDrive%\ntbootdd.sys. CC ID 01974 Configuration Preventive
    Configure the file permissions for %SystemDrive%\ntdetect.com. CC ID 01975 Configuration Preventive
    Configure the file permissions for %SystemDrive%\ntldr. CC ID 01976 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Settings. CC ID 01977 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Settings\Administrator. CC ID 01978 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Settings\All Users. CC ID 01979 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson. CC ID 01980 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Setting\Default User. CC ID 01981 Configuration Preventive
    Configure the file permissions for %SystemDrive%\System Volume Information. CC ID 01982 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Temp. CC ID 01983 Configuration Preventive
    Configure the file permissions for %ProgramFiles%. CC ID 01984 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Program Files\Resource Kit. CC ID 01985 Configuration Preventive
    Configure the file permissions for %SystemRoot%. CC ID 01986 Configuration Preventive
    Configure the file permissions for %SystemRoot%\$NTServicePackUninstall$. CC ID 01987 Configuration Preventive
    Configure the file permissions for %SystemRoot%\CSC. CC ID 01988 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Debug. CC ID 01989 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Debug\UserMode. CC ID 01990 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Offline Web Pages. CC ID 01991 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Registration. CC ID 01992 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Repair. CC ID 01993 Configuration Preventive
    Configure the file permissions for %SystemRoot%\security. CC ID 01994 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32. CC ID 01995 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\Ntbackup.exe. CC ID 01996 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\secedit.exe. CC ID 01997 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\appmgmt. CC ID 01998 Configuration Preventive
    Configure the file permissions for %SystemRoot%\config. CC ID 01999 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\dllcache. CC ID 02000 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\DTCLog. CC ID 02001 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\GroupPolicy. CC ID 02002 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\ias. CC ID 02003 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\NTMSData. CC ID 02004 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\reinstallbackups. CC ID 02005 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\Setup. CC ID 02006 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\spool\printers. CC ID 02007 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Tasks. CC ID 02008 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Temp. CC ID 02009 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Program Files\Resource Pro Kit. CC ID 04301 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\arp.exe. CC ID 04304 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\nbstat.exe. CC ID 04305 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\netstat.exe. CC ID 04306 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\nslookup.exe. CC ID 04307 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\regini.exe. CC ID 04308 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\route.exe. CC ID 04310 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\systeminfo.exe. CC ID 04311 Configuration Preventive
    Disable DOSFAT.NSS. CC ID 04462 Configuration Preventive
    Enable user directory data encryption. CC ID 04467 Configuration Preventive
    Verify iPrint/NDPS are not on the system volume (sys). CC ID 04468 Technical Security Preventive
    Purge files immediately after deletion. CC ID 04469 Technical Security Preventive
    Remove the SYS:Mail directory. CC ID 04470 Configuration Preventive
    Configure the largest folder size (storage capacity) restrictions for user directories. CC ID 04471 Configuration Preventive
    Verify only necessary system files are located on the server's system volume (sys) or boot volume. CC ID 04472 Testing Preventive
    Configure the file permissions for %SystemRoot%\System32\Config\AppEvent.evt. CC ID 04506 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\Config\SecEvent.evt. CC ID 04507 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\Config\SysEvent.evt. CC ID 04508 Configuration Preventive
    Configure the file permissions for %SystemDirectory%. CC ID 04532 Configuration Preventive
    Configure the file permissions appropriately for all shell executables. CC ID 05619 Configuration Preventive
    Configure the file permissions for the remote copy (rcp) binary properly. CC ID 05620 Configuration Preventive
    Configure the file permissions for the remote login (rlogin) binary properly. CC ID 05621 Configuration Preventive
    Configure the file permissions for the rlogind binary properly. CC ID 05622 Configuration Preventive
    Configure the file permissions for the remote shell (rsh) binary properly. CC ID 05623 Configuration Preventive
    Configure the file permissions for the rshd binary properly. CC ID 05624 Configuration Preventive
    Configure the file permissions for the tftp binary properly. CC ID 05625 Configuration Preventive
    Configure the file permissions for the tftpd binary properly. CC ID 05626 Configuration Preventive
    Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwts32.log properly. CC ID 05627 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\My Download Files properly. CC ID 05628 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Driver Cache\I386\Driver.cab properly. CC ID 05629 Configuration Preventive
    Configure the permissions for the %SystemRoot%\$NtUninstall* directories properly. CC ID 05630 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\NTDS properly. CC ID 05631 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\SYSVOL properly. CC ID 05632 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\SYSVOL\domain\Policies properly. CC ID 05633 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\repl properly. CC ID 05634 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\repl\export properly. CC ID 05635 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\repl\import properly. CC ID 05636 Configuration Preventive
    Configure the directory permissions for %ALL% properly. CC ID 05637 Configuration Preventive
    Configure the directory permissions for %ALL%\Program Files\MQSeries properly. CC ID 05638 Configuration Preventive
    Configure the directory permissions for %ALL%\Program Files\MQSeries\qmggr properly. CC ID 05639 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL properly. CC ID 05640 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL properly. CC ID 05641 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\perflogs properly. CC ID 05642 Configuration Preventive
    Configure the directory permissions for %SystemDrive%\i386 properly. CC ID 05643 Configuration Preventive
    Configure the directory permissions for %ProgramFiles%\Common Files\SpeechEngines\TTS properly. CC ID 05644 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\_default.plf properly. CC ID 05645 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\addins properly. CC ID 05646 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\appPatch properly. CC ID 05647 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\clock.avi properly. CC ID 05648 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Connection Wizard properly. CC ID 05649 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Driver Cache properly. CC ID 05650 Configuration Preventive
    Configure the file permissions for %SystemRoot%\explorer.scf properly. CC ID 05651 Configuration Preventive
    Configure the file permissions for %SystemRoot%\explorer.exe properly. CC ID 05652 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Help properly. CC ID 05653 Configuration Preventive
    Configure the file permissions for %SystemRoot%\inf\unregmp2.exe properly. CC ID 05654 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Java properly. CC ID 05655 Configuration Preventive
    Configure the file permissions for %SystemRoot%\mib.bin properly. CC ID 05656 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\msagent properly. CC ID 05657 Configuration Preventive
    Configure the file permissions for %SystemRoot%\msdfmap.ini properly. CC ID 05658 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\mui properly. CC ID 05659 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\security\templates properly. CC ID 05660 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\speech properly. CC ID 05661 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system.ini properly. CC ID 05662 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system\setup.inf properly. CC ID 05663 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system\stdole.tlb properly. CC ID 05664 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\twain_32 properly. CC ID 05665 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\CatRoot properly. CC ID 05666 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\configf\systemprofile properly. CC ID 05667 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\dhcp properly. CC ID 05668 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\drivers properly. CC ID 05669 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\Export properly. CC ID 05670 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\ipconfig.exe properly. CC ID 05671 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\LogFiles properly. CC ID 05672 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\mshta.exe properly. CC ID 05673 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\mui properly. CC ID 05674 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\ShellExt properly. CC ID 05675 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\wbem properly. CC ID 05676 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\wbem\mof properly. CC ID 05677 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\wbem\repository properly. CC ID 05678 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\wbem\logs properly. CC ID 05679 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile% properly. CC ID 05680 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data properly. CC ID 05681 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft properly. CC ID 05682 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys properly. CC ID 05683 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys properly. CC ID 05684 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson properly. CC ID 05685 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log properly. CC ID 05686 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\HTML Help properly. CC ID 05687 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\MediaIndex properly. CC ID 05688 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\Documents\desktop.ini properly. CC ID 05689 Configuration Preventive
    Configure the directory permissions for %AllUsersProfile%\DRM properly. CC ID 05690 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Debug\UserMode\userenv.log properly. CC ID 05691 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Installer properly. CC ID 05692 Configuration Preventive
    Configure the file permissions for %SystemRoot%\Prefetch properly. CC ID 05693 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Registration\CRMLog properly. CC ID 05694 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\ciadv.msc properly. CC ID 05695 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\Com\comexp.msc properly. CC ID 05696 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\compmgmt.msc properly. CC ID 05697 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\Config properly. CC ID 05698 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\Config\*.evt properly. CC ID 05699 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\devmgmt.msc properly. CC ID 05700 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\dfrg.msc properly. CC ID 05701 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\diskmgmt.msc properly. CC ID 05702 Configuration Preventive
    Configure the file permissions for %SystemRoot%\system32\eventvwr.msc properly. CC ID 05703 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\fsmgmt.msc properly. CC ID 05704 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\gpedit.msc properly. CC ID 05705 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\lusrmgr.msg properly. CC ID 05706 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\System32\MSDTC properly. CC ID 05707 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\ntmsoprq.msc properly. CC ID 05708 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\ntmsmgr.msc properly. CC ID 05709 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\perfmon.msc properly. CC ID 05710 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\RSoP.msc properly. CC ID 05711 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\secpol.msc properly. CC ID 05712 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\services.msc properly. CC ID 05713 Configuration Preventive
    Configure the file permissions for %SystemRoot%\System32\wmimgmt.msc properly. CC ID 05714 Configuration Preventive
    Configure the directory permissions for %SystemRoot%\Web properly. CC ID 05715 Configuration Preventive
    Configure the BitLocker setting appropriately for fixed disk drives and removable disk drives. CC ID 06064 Configuration Preventive
    Configure the settings for fixed disk drives, removable disk drives, and operating system disk drives. CC ID 06065 Configuration Preventive
    Configure the BitLocker identifiers. CC ID 06066 Configuration Preventive
    Configure utility and device driver software in accordance with organizational standards. CC ID 12340 Configuration Preventive
    Review the use of utility and device driver software, as necessary. CC ID 13145 Business Processes Detective
    Restrict utility programs from interfering with Information Technology operations. CC ID 13087 Configuration Preventive
    Configure appropriate Partitioning schemes. CC ID 02162 Configuration Preventive
    Verify the /home file system, /export/home file system, and /var file system each has its own partition. CC ID 02163 Configuration Preventive
    Verify the root shell environment is located outside the /usr directory in a partitioned environment. CC ID 02158 Configuration Preventive
    Verify the primary filesystem partition uses an appropriate filesystem. CC ID 05716 Configuration Preventive
    Enable the OS/2 subsystem, as appropriate. CC ID 05717 Configuration Preventive
    Configure the "nodev" option for "/tmp" setting to organizational standards. CC ID 08725 Establish/Maintain Documentation Preventive
    Configure the "nodev" option for "/dev/shm" setting to organizational standards. CC ID 08726 Establish/Maintain Documentation Preventive
    Configure the "/tmp filesystem partition" setting to organizational standards. CC ID 08727 Establish/Maintain Documentation Preventive
    Configure the "var/log" filesystem to organizational standards. CC ID 08728 Establish/Maintain Documentation Preventive
    Configure the “var/log/audit” filesystem to organizational standards. CC ID 08729 Establish/Maintain Documentation Preventive
    Configure the "nosuid" setting on the "/tmp" directory to organizational standards. CC ID 08730 Establish/Maintain Documentation Preventive
    Configure the "noexec" setting on the "/tmp" directory to organizational standards. CC ID 08731 Establish/Maintain Documentation Preventive
    Configure the "nosuid" setting on the "/dev/shm" directory to organizational standards. CC ID 08732 Establish/Maintain Documentation Preventive
    Configure the "noexec" option for "/dev/shm" to organizational standards. CC ID 08733 Establish/Maintain Documentation Preventive
    Configure the "/var/tmp filesystem partition" setting to organizational standards. CC ID 08734 Establish/Maintain Documentation Preventive
    Configure the "nodev" option for "/run/shm" to organizational standards. CC ID 11376 Configuration Preventive
    Configure the "nosuid" option for "/run/shm" to organizational standards. CC ID 11377 Configuration Preventive
    Configure the "noexec" option for "/run/shm" to organizational standards. CC ID 11378 Configuration Preventive
    Configure attached printers and shared printers. CC ID 04499 Configuration Preventive
    Establish, implement, and maintain network parameter modification procedures. CC ID 01517 Establish/Maintain Documentation Preventive
    Configure the IPsec security association lifetime to organizational standards. CC ID 16508 Configuration Preventive
    Configure route filtering to organizational standards. CC ID 16359 Configuration Preventive
    Refrain from accepting routes from unauthorized parties. CC ID 16397 Technical Security Preventive
    Configure security gateways to organizational standards. CC ID 16352 Configuration Preventive
    Configure network elements to organizational standards. CC ID 16361 Configuration Preventive
    Configure devices having access to network elements to organizational standards. CC ID 16408 Configuration Preventive
    Configure routing tables to organizational standards. CC ID 15438 Configuration Preventive
    Configure "NetBT NodeType configuration" to organizational standards. CC ID 15383 Configuration Preventive
    Configure "Allow remote server management through WinRM" to organizational standards. CC ID 15364 Configuration Preventive
    Configure "Allow network connectivity during connected-standby (on battery)" to organizational standards. CC ID 15342 Configuration Preventive
    Configure BOOTP queries to be accepted or denied by the DHCP Server, as appropriate. CC ID 06040 Configuration Preventive
    Enable TCP wrappers. CC ID 01567 Configuration Preventive
    Configure TCP wrappers. CC ID 01566 Configuration Preventive
    Configure devices to block or avoid outbound connections. CC ID 04807 Configuration Preventive
    Configure devices to deny inbound connections. CC ID 04805 Configuration Preventive
    Review and restrict network addresses and network protocols. CC ID 01518 Configuration Preventive
    Establish, implement, and maintain a network addressing plan. CC ID 16399 Establish/Maintain Documentation Preventive
    Define the location requirements for network elements and network devices. CC ID 16379 Process or Activity Preventive
    Disable wireless access if it is not necessary. CC ID 12100 Configuration Preventive
    Configure wireless access to be restricted to authorized wireless networks. CC ID 12099 Technical Security Preventive
    Configure Network Address Translation to organizational standards. CC ID 16395 Configuration Preventive
    Enable Network Address Translation or Port Address Translation for internal networks on all network access and control points. CC ID 00545 Configuration Preventive
    Disable NIS Server Daemons unless NIS Server Daemons are absolutely necessary. CC ID 01457 Configuration Preventive
    Disable NIS Client Daemons unless NIS Client Daemons are absolutely necessary. CC ID 01458 Configuration Preventive
    Disable NIS+ daemons unless NIS+ daemons are absolutely necessary. CC ID 01459 Configuration Preventive
    Disable Kerberos server daemons unless Kerberos server daemons are absolutely necessary. CC ID 01461 Configuration Preventive
    Disable Kerberos client daemons unless Kerberos client daemons are absolutely necessary. CC ID 01462 Configuration Preventive
    Disable Kerberos-related daemons unless Kerberos-related daemons are absolutely necessary. CC ID 01463 Configuration Preventive
    Disable DHCP Server unless DHCP Server is absolutely necessary. CC ID 01482 Configuration Preventive
    Disable Domain Name Server unless Domain Name Server is absolutely necessary. CC ID 01483 Configuration Preventive
    Disable Simple Network Management Protocol unless it is absolutely necessary. CC ID 01491 Configuration Preventive
    Enable or disable tunneling, as necessary. CC ID 15235 Configuration Preventive
    Disable Internet Protocol version 6 unless it is absolutely necessary. CC ID 01493 Configuration Preventive
    Disable Simple Mail Transport Protocol unless it is absolutely necessary. CC ID 01825 Configuration Preventive
    Disable SNMP trap unless SNMP trap is absolutely necessary. CC ID 01828 Configuration Preventive
    Disable UNIX-to-UNIX Copy Program unless it is absolutely necessary. CC ID 02169 Configuration Preventive
    Disable the ugidd daemon unless the ugidd daemon is absolutely necessary. CC ID 02181 Configuration Preventive
    Disable IP Routing unless it is absolutely necessary. CC ID 02170 Configuration Preventive
    Disable Client Service for NetWare unless it is absolutely necessary. CC ID 04277 Configuration Preventive
    Disable HyperText Transfer Protocol Secure Socket Layer unless it is absolutely necessary. CC ID 04281 Configuration Preventive
    Disable network connections unless network connections are absolutely necessary. CC ID 04283 Configuration Preventive
    Disable Boot Protocol unless it is absolutely necessary. CC ID 04809 Configuration Preventive
    Disable Pre-boot eXecution Environment unless it is absolutely necessary. CC ID 04819 Configuration Preventive
    Disable Bluetooth unless Bluetooth is absolutely necessary. CC ID 04476 Configuration Preventive
    Disable Internetwork Packet Exchange/Sequenced Packet Exchange. CC ID 04800 Configuration Preventive
    Disable AppleTalk. CC ID 04799 Configuration Preventive
    Disable Network Basic Input/Output System. CC ID 01925 Configuration Preventive
    Assign or reserve static IP addresses in Dynamic Host Configuration Protocol. CC ID 04801 Configuration Preventive
    Disable wireless networking on Multi-Function Devices, unless absolutely necessary. CC ID 04821 Configuration Preventive
    Configure mountd to use a static port or a dynamic portmapper port, as appropriate. CC ID 06023 Configuration Preventive
    Configure the Avahi daemon to serve via Internet Protocol version 4, Internet Protocol version 6, as appropriate. CC ID 06024 Configuration Preventive
    Validate and check Simple Network Management Protocol using snmpwalk. CC ID 06941 Configuration Preventive
    Disable the XDMCP port. CC ID 01563 Configuration Preventive
    Prevent syslog from accepting messages from the network. CC ID 01562 Configuration Preventive
    Prevent X server from listening on port 6000/tcp. CC ID 01565 Configuration Preventive
    Configure the Intrusion Detection System and the Intrusion Prevention System to accept the organizational vulnerability scanning host or vendor's originating IP address. CC ID 01645 Configuration Preventive
    Configure the "Network access: Allow anonymous SID/Name translation" setting to organizational standards. CC ID 01717 Configuration Preventive
    Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" setting. CC ID 01718 Configuration Preventive
    Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting. CC ID 01719 Configuration Preventive
    Enable Data Execution Protection for all applications. CC ID 01720 Configuration Preventive
    Enable digital encryption or digital signatures of secure channel data. CC ID 01736 Configuration Preventive
    Enable digital signatures of communications using the Server Message Block protocol. CC ID 01762 Configuration Preventive
    Configure the "Microsoft network client: Send unencrypted password to connect to third-party SMB servers" setting. CC ID 01764 Configuration Preventive
    Configure the amount of idle time required before disconnecting an idle session. CC ID 01763 Configuration Preventive
    Configure the "Allow reconnection from original client only" setting to organizational standards. CC ID 04515 Configuration Preventive
    Enable the disconnect clients setting (server) or force logoff setting (client) if the account's allotted logon period expire. CC ID 01765 Configuration Preventive
    Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting. CC ID 01766 Configuration Preventive
    Configure the "Network access: Let Everyone permissions apply to anonymous users" setting. CC ID 01767 Configuration Preventive
    Configure the "Network access: Named pipes that can be accessed anonymously" setting. CC ID 01768 Configuration Preventive
    Configure the "Network access: Remotely accessible registry paths" setting. CC ID 01769 Configuration Preventive
    Configure the "Network access: Sharing and security model for local accounts" setting. CC ID 01771 Configuration Preventive
    Configure the "Network security: Do not store LAN Manager hash value on next password change" setting. CC ID 01772 Configuration Preventive
    Configure the "Network security: LAN Manager authentication level" setting. CC ID 01773 Configuration Preventive
    Configure the "Network security: LDAP client signing requirements" setting. CC ID 01774 Configuration Preventive
    Configure Lightweight Directory Access Protocol connections for security. CC ID 04451 Configuration Preventive
    Configure the least session security for NT LM Security Support Provider based clients (including secure RPC) and servers settings. CC ID 01775 Configuration Preventive
    Enable the LDAP cache manager as necessary. CC ID 01460 Configuration Preventive
    Configure firewalls in accordance with organizational standards. CC ID 01926 Configuration Preventive
    Control inbound connections to the firewall. CC ID 04397 Configuration Preventive
    Control outbound connections to the firewall. CC ID 04398 Configuration Preventive
    Configure the "Windows Firewall: Do not allow exceptions" setting. CC ID 04318 Configuration Preventive